A 32-character combination of numeric, alpha, lowercase, uppercase, and
use a different salt for each password.

On Thu, Nov 6, 2008 at 4:17 PM, Karl <[EMAIL PROTECTED]> wrote:
>
>
>        Depends on the salt I guess...
>
>        I tried that 'tool' against the hashes stored in a site designed for a 
> client, where we double-loop the password thru MD5 and it came back 100% 
> "uncrackable"... and there is never a need to worry about salting anything.
>
>        Just strikes me as 100% absurdly simple to do, and 100% impossible to 
> break... never need to worry about who finds your code and tries to reverse 
> things, etc. The whole 'salting' thing strikes me as a pointless storm in a 
> teacup really. No overhead on the database, no extra tables to piss around 
> with, no need to do anything more than:
>
>        $password = md5(md5($inputpw));
>
>        ...and later on...
>
>        if (md5(md5($inputpw)) == $dbpass) {
>                ...accept...
>        } else {
>                ...reject...
>        }
>
>        If that doesn't beat all this salting hassle... I dunno what does!
>
>        Just my zwei pfennig worth...
>
>        Cheers...
>
>
>
> *********** REPLY SEPARATOR  ***********
>
> On 6/11/2008 at 3:58 p.m. Harvey Kane wrote:
>
>>A far far better approach would be to implement salting, which makes
>>sites like this useless against your passwords.
>
>
> ---
> Karl
> Senior Account Manager
> www.KIWIreviews.co.nz ... Where Your Views Count



-- 
Visit my website: http://onlinesid.com
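
The difference argued over in this thread, as an added example that is not code from either poster: the quoted `md5(md5())` scheme next to a per-password salt of 32 hex characters, and PHP's built-in `password_hash()`, which generates its own random salt for each password. The helper names `double_md5`, `salted_hash` and `salted_verify`, the use of SHA-256 for the salted variant, and all user names and passwords are assumptions constructed for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example; names and sample passwords are constructed, not from the thread.

// The unsalted scheme quoted above. It is deterministic: equal passwords
// always produce equal stored values, on every site that uses it.
function double_md5(string $pw): string {
    return md5(md5($pw));
}

// Per-password salt: 16 random bytes, stored as 32 hex characters beside the hash.
// SHA-256 here is an illustrative choice, not something the thread specifies.
function salted_hash(string $pw, ?string $salt = null): array {
    $salt = $salt ?? bin2hex(random_bytes(16));
    return ['salt' => $salt, 'hash' => hash('sha256', $salt . $pw)];
}

function salted_verify(string $pw, array $rec): bool {
    // hash_equals() compares in constant time.
    return hash_equals($rec['hash'], hash('sha256', $rec['salt'] . $pw));
}

$users = ['alice' => 'Summer2008', 'bob' => 'Summer2008', 'carol' => 'kiwi-Fruit!'];

// 1. Unsalted: do alice and bob end up with the same stored hash?
$unsalted = array_map('double_md5', $users);
var_dump($unsalted['alice'] === $unsalted['bob']);

// A list of md5(md5(word)) values computed once can be matched against
// every row, because nothing in the stored value is specific to the user.
$precomputed = [];
foreach (['password', 'Summer2008', 'letmein'] as $word) {
    $precomputed[double_md5($word)] = $word;
}
foreach ($unsalted as $user => $hash) {
    echo $user, ': ', $precomputed[$hash] ?? '(not in list)', "\n";
}

// 2. Salted: the same password now yields a different stored hash per user,
// so a precomputed list would have to be rebuilt for each salt.
$salted = array_map('salted_hash', $users);
var_dump($salted['alice']['hash'] === $salted['bob']['hash']);
var_dump(salted_verify('Summer2008', $salted['bob']));

// 3. Built-in: password_hash() adds a random salt per call and uses a
// deliberately slow algorithm; the salt is embedded in the returned string.
$stored = password_hash('Summer2008', PASSWORD_DEFAULT);
var_dump(password_verify('Summer2008', $stored));
var_dump($stored === password_hash('Summer2008', PASSWORD_DEFAULT));
```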
