Depends on the salt I guess...
I tried that 'tool' against the hashes stored in a site designed for a
client, where we double-loop the password through MD5 and it came back 100%
"uncrackable"... and there is never a need to worry about salting anything.
Just strikes me as 100% absurdly simple to do, and 100% impossible to
break... never need to worry about who finds your code and tries to reverse
things, etc. The whole 'salting' thing strikes me as a pointless storm in a
teacup really. No overhead on the database, no extra tables to piss around
with, no need to do anything more than:
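    $password = md5(md5($inputpw));
...and later on...
    // Strict comparison: with == PHP can treat numeric-looking hashes
    // such as "0e..." as numbers and report them equal.
    if (md5(md5($inputpw)) === $dbpass) {
        // ...accept...
    } else {
        // ...reject...
    }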
If that doesn't beat all this salting hassle... I dunno what does!
Just my zwei pfennig worth...
Cheers...
*********** REPLY SEPARATOR ***********
On 6/11/2008 at 3:58 p.m. Harvey Kane wrote:
>A far far better approach would be to implement salting, which makes
>sites like this useless against your passwords.
---
Karl
Senior Account Manager
www.KIWIreviews.co.nz ... Where Your Views Count
NZ PHP Users Group: http://groups.google.com/group/nzphpug
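
Added example, not part of the original message or of any poster's code: it compares the unsalted double-MD5 scheme discussed above with salted hashing through PHP's built-in password_hash() and password_verify() (PHP 5.5 and later). The wordlist, passwords and helper names (double_md5, build_table) are constructed for illustration.

```php
<?php
// The scheme from the message: unsalted MD5 applied twice.
function double_md5(string $pw): string
{
    return md5(md5($pw));
}

// A lookup table is built once and is valid against every site using the
// same scheme, because the stored value depends only on the password.
function build_table(array $words): array
{
    $table = [];
    foreach ($words as $w) {
        $table[double_md5($w)] = $w;
    }
    return $table;
}

$wordlist = ['letmein', 'password1', 'summer2008']; // constructed sample
$table    = build_table($wordlist);

// Two users with the same password get the same stored value...
$alice = double_md5('summer2008');
$bob   = double_md5('summer2008');
var_dump($alice === $bob);

// ...and a single array lookup maps that value back to the password.
var_dump($table[$alice] ?? null);

// Salted, deliberately slow hashing. password_hash() generates a random
// salt on every call and embeds it in the returned string, so the salt
// needs no extra column or table.
$aliceHash = password_hash('summer2008', PASSWORD_DEFAULT);
$bobHash   = password_hash('summer2008', PASSWORD_DEFAULT);

// Same password, different stored values; the precomputed table has no
// entry for either of them.
var_dump($aliceHash === $bobHash);
var_dump(isset($table[$aliceHash]));

// Login check: password_verify() reads the salt and cost from the stored
// hash, recomputes, and compares in constant time.
var_dump(password_verify('summer2008', $aliceHash));
var_dump(password_verify('wrong-guess', $aliceHash));
```

The stored string from password_hash() can be up to 255 characters with PASSWORD_DEFAULT, so the password column should be sized for that rather than for a 32-character MD5 digest.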