On 12/10/12 4:11 PM, Paul McNett wrote:
> On 12/10/12 3:03 PM, Ed Leafe wrote:
>> On Dec 10, 2012, at 4:57 PM, Stephen Russell <[email protected]> wrote:
>>
>>> Never thought of it like that but what if a hacker uses a password that is
>>> already there? They get it all.
>>
>> Only if they guess the correct salt. With unsalted passwords you would
>> be correct (hence the wisdom of salting).
>
> The hacker would need the username plus the password in any case, salted or
> not. I don't understand the issue other than 'duh, if the hacker has the user
> name and the password, they can get in.'

Oh, I get it now. You never match the hashed password with the user. That seems dumb unless each user has a unique salt...

Paul

