Ok, I'm going to use SHA-512 just because I can.
When the user submits their password (when creating an account) I will (in crude mockup code)

    set usersalt = rand(0-9,a-z)
    set pw_pre_hash = 'form.password + sitewidesalt + usersalt'
    set pw_hash = hash(pw_pre_hash, "SHA-512")
    insert into user table pw_hash, usersalt

This way, when I need to check their password I just fetch their hash and usersalt, then combine their submitted password with the usersalt and sitewidesalt, and compare it to the hash. Good enough?

-- 
Open BlueDragon Public Mailing List
http://www.openbluedragon.org/ http://twitter.com/OpenBlueDragon
mailing list - http://groups.google.com/group/openbd?hl=en

!! save a network - please trim replies before posting !!
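Added example, not part of the original post and not OpenBD code: a Python sketch of the store-and-verify flow described above, next to a variant that keeps the same two salts but replaces the single SHA-512 pass with PBKDF2-HMAC-SHA512, because one fast hash per guess is cheap to test offline if the user table leaks. `SITEWIDE_SALT`, the iteration count, the record layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: the site-wide value lives in application config, not in the user table.
SITEWIDE_SALT = b"constructed-sitewide-value"
# Assumption: a work factor to be tuned on the deployment's own hardware.
PBKDF2_ITERATIONS = 210_000


def create_record_as_posted(password: str) -> dict:
    """Scheme from the post: SHA-512(password + sitewidesalt + usersalt), one pass."""
    user_salt = secrets.token_hex(16)  # drawn from a CSPRNG, unique per user
    pre_hash = password.encode() + SITEWIDE_SALT + user_salt.encode()
    return {"usersalt": user_salt, "pw_hash": hashlib.sha512(pre_hash).hexdigest()}


def verify_as_posted(password: str, record: dict) -> bool:
    """Recompute with the stored usersalt and compare in constant time."""
    pre_hash = password.encode() + SITEWIDE_SALT + record["usersalt"].encode()
    candidate = hashlib.sha512(pre_hash).hexdigest()
    return hmac.compare_digest(candidate, record["pw_hash"])


def create_record_stretched(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Same inputs, but each guess costs `iterations` HMAC-SHA512 rounds."""
    user_salt = secrets.token_bytes(16)
    # The site-wide value is used as an HMAC key over the password (a design
    # choice of this sketch), then the per-user salt feeds PBKDF2.
    keyed = hmac.new(SITEWIDE_SALT, password.encode(), hashlib.sha512).digest()
    derived = hashlib.pbkdf2_hmac("sha512", keyed, user_salt, iterations)
    # Storing the iteration count lets the work factor be raised later.
    return {"usersalt": user_salt.hex(), "iterations": iterations,
            "pw_hash": derived.hex()}


def verify_stretched(password: str, record: dict) -> bool:
    """Re-derive using the salt and iteration count stored with the record."""
    keyed = hmac.new(SITEWIDE_SALT, password.encode(), hashlib.sha512).digest()
    derived = hashlib.pbkdf2_hmac("sha512", keyed,
                                  bytes.fromhex(record["usersalt"]),
                                  record["iterations"])
    return hmac.compare_digest(derived.hex(), record["pw_hash"])
```

Two accounts with the same password get different `pw_hash` values in both variants because of the per-user salt; only the stretched variant also raises the cost of each offline guess.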
