Hi,

> Correst me if I'm wrong... but assuming that your salt string is hard coded
> into the program, with a MD5 a password + salt is no more secure then a
> simple password?

Well if you store the hash by itself, if an attacker gets hold of your
hashes they could be brute forced. However with the addition of a salt
it would be largely pointless since you need both pieces (?) of
information (password plus salt) to generate the hash.

-- 
Richard Heyes

HTML5 Graphing for FF, Chrome, Opera and Safari:
http://www.rgraph.org (Updated December 20th)

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to