Aha... Thanks. I guess there is no need to add a salt
if I'm the only admin using the database interface.
But I guess if you want to be more secure etc it would
be best to add it so if someone grabbed the database
they will find no matches.
I really have to look into making my databases more
secure than they already are. Any good websites that
are good reading for this? I mean reliable sites with
no bull ***rubbish*** which does not send on the wrong
--- Marco Tabini <[EMAIL PROTECTED]> wrote:
> On Tue, 2003-06-24 at 09:36, JeRRy wrote:
> > Hi,
> > Hmmm okay... So if the password was.
> There are ways to avoid this. Typically, you can add
> a random token (or
> a salt) to the password before you calculate its
> checksum. This way, two
> users with the same password will have two different
> However, a brute-force approach as the one suggested
> is *not* quite as
> simple and powerful as it looks. Assuming that there
> are even just 62
> valid characters for the password
> (uppercase+lowercase+digits) to go
> over passwords as short as five characters you'd
> have to do 380,204,032
> iterations. Add one more digit and you're already up
> to 19,770,609,664.
> Sure, these are not insurmountable numbers, but they
> quickly add up with
> more and more characters (and I'm not even counting
> all the
> possibilities when it comes to making this more
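The per-user salt described in the quoted reply, as an added Python example that is not code from either poster: it stores a random salt beside each digest and shows that two users with the same password no longer share a stored value. It uses PBKDF2-HMAC-SHA256 in place of a plain checksum; the function names, the round count and the sample users are assumptions made for this example.

```python
from __future__ import annotations

import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def unsalted_digest(password: str) -> str:
    """Plain checksum with no salt: equal passwords give equal stored values."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest). A fresh 16-byte random salt is drawn per user."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS
    )
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, expected)


def duplicate_digests(rows: dict) -> list:
    """Audit helper: groups of users whose stored digest is identical."""
    groups: dict = {}
    for user, digest in rows.items():
        groups.setdefault(digest, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


if __name__ == "__main__":
    # Constructed sample accounts; alice and bob share a password.
    users = {"alice": "correct horse", "bob": "correct horse", "carol": "other"}
    unsalted = {u: unsalted_digest(p) for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    print("unsalted duplicates:", duplicate_digests(unsalted))
    print("salted duplicates:  ",
          duplicate_digests({u: d for u, (_, d) in salted.items()}))
```

The salt is not secret and is stored in the same row as the digest; its job is to make each stored value unique, so one precomputed table cannot be matched against every account.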