On 12/10/12 4:26 PM, Paul McNett wrote:
> So if that hash exists anywhere in the secret hash table, AND that user exists in the
> users table, the user will be validated even if it was a different password entered
> and that password plus that salt yielded a different hash.

That last "a different" should be "the same".

Paul
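
The situation described in this message, measured, as an added example that is not part of the original post: a check that accepts any hash found anywhere in an unlinked hash table is compared with one that only accepts the hash stored for that user. Assumptions: the table layout, user names, salts and passwords are constructed, and the SHA-256 digest is truncated to 16 bits so that matches occur in a short run.

```python
import hashlib
import hmac

TAG_BYTES = 2  # assumption: digest truncated to 16 bits so matches show up quickly


def tag(password: str, salt: str) -> bytes:
    """Salted SHA-256, truncated to TAG_BYTES (truncation is for the demo only)."""
    return hashlib.sha256((salt + password).encode()).digest()[:TAG_BYTES]


# Constructed sample data: 200 users, each with a salt and the tag of their password.
USERS = {f"user{i}": {"salt": f"salt{i}", "tag": tag(f"pw-{i}", f"salt{i}")}
         for i in range(200)}
# The design discussed in the thread: a hash table that is not linked to users.
SECRET_HASHES = {u["tag"] for u in USERS.values()}


def validate_unlinked(user: str, password: str) -> bool:
    """User exists AND the computed hash exists anywhere in the hash table."""
    rec = USERS.get(user)
    return rec is not None and tag(password, rec["salt"]) in SECRET_HASHES


def validate_bound(user: str, password: str) -> bool:
    """User exists AND the computed hash equals the hash stored for that user."""
    rec = USERS.get(user)
    return rec is not None and hmac.compare_digest(
        tag(password, rec["salt"]), rec["tag"])


def false_accepts(validate, user: str, attempts: int) -> int:
    """Count wrong passwords (constructed strings) that the check accepts."""
    return sum(validate(user, f"wrong-{n}") for n in range(attempts))


if __name__ == "__main__":
    print("unlinked:", false_accepts(validate_unlinked, "user0", 20000))
    print("bound:   ", false_accepts(validate_bound, "user0", 20000))
```

With a full-length digest both counts are effectively zero, but the unlinked check still gives every wrong password one chance per stored hash instead of one chance in total.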

