Aha... Thanks.  I guess there is no need to add a salt
if I'm the only admin using the database interface. 
But I guess if you want to be more secure etc it would
be best to add it so if someone grabbed the database
they will find no matches.

I really have to look into making my databases more
secure than they already are.  Any good websites that
are good reading for this?  I mean reliable sites with
no bull ***rubbish*** which does not send on the wrong


 --- Marco Tabini <[EMAIL PROTECTED]> wrote:
> On Tue, 2003-06-24 at 09:36, JeRRy wrote:
> > Hi,
> > 
> > Hmmm okay... So if the password was.
> > 
> [snip]
> There are ways to avoid this. Typically, you can add a random token (or
> a salt) to the password before you calculate its checksum. This way, two
> users with the same password will have two different hashes.
> However, a brute-force approach as the one suggested is *not* quite as
> simple and powerful as it looks. Assuming that there are even just 62
> valid characters for the password (uppercase+lowercase+digits) to go
> over passwords as short as five characters you'd have to do 380,204,032
> iterations. Add one more digit and you're already up to 19,770,609,664.
> Sure, these are not insurmountable numbers, but they quickly add up with
> more and more characters (and I'm not even counting all the
> possibilities when it comes to making this more secure).
> Mt.

PHP Database Mailing List (
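
The salting described in the quoted reply, as an added PHP example that is not code from either message: it stores the same constructed passwords once unsalted and once with a per-user random salt, then audits each table for users whose stored hashes match. The function names, the sample users, SHA-256 as the checksum and PBKDF2 with 100000 iterations are all assumptions made for the example.

```php
<?php
// Added example: every name and every sample value below is constructed.

// Unsalted checksum: identical passwords always produce identical hashes.
function unsalted_record(string $password): array
{
    return ['salt' => '', 'hash' => hash('sha256', $password)];
}

// Salted, iterated hash: a fresh random salt per user, stored beside the hash.
function salted_record(string $password, ?string $salt = null): array
{
    $salt = $salt ?? bin2hex(random_bytes(16));
    return ['salt' => $salt, 'hash' => hash_pbkdf2('sha256', $password, $salt, 100000)];
}

// Login check: recompute with the stored salt and compare in constant time.
function verify_password(string $password, array $record): bool
{
    $candidate = salted_record($password, $record['salt']);
    return hash_equals($record['hash'], $candidate['hash']);
}

// Audit helper: list the users whose stored hash is shared with another user.
function users_sharing_a_hash(array $table): array
{
    $byHash = [];
    foreach ($table as $user => $record) {
        $byHash[$record['hash']][] = $user;
    }
    $shared = [];
    foreach ($byHash as $users) {
        if (count($users) > 1) {
            $shared = array_merge($shared, $users);
        }
    }
    return $shared;
}

// Constructed sample: alice and carol picked the same password.
$passwords = ['alice' => 'letmein', 'bob' => 'S3cure-ish', 'carol' => 'letmein'];
$unsalted = array_map('unsalted_record', $passwords); // string keys are preserved
$salted = array_map('salted_record', $passwords);

echo 'Unsalted rows sharing a hash: ', implode(', ', users_sharing_a_hash($unsalted)) ?: '(none)', "\n";
echo 'Salted rows sharing a hash:   ', implode(', ', users_sharing_a_hash($salted)) ?: '(none)', "\n";
var_dump(verify_password('letmein', $salted['alice']));     // correct password
var_dump(verify_password('wrong-guess', $salted['alice'])); // wrong password
```

Current PHP versions provide password_hash() and password_verify(), which generate the salt and store it inside the hash string for you.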