On 12/10/2012 7:11 PM, Paul McNett wrote:
On 12/10/12 3:03 PM, Ed Leafe wrote:
On Dec 10, 2012, at 4:57 PM, Stephen Russell wrote:

Never thought of it like that but what if a hacker uses a password that is
already there?  They get it all.

Only if they guess the correct salt. With unsalted passwords you would be correct (hence the wisdom of salting).

The hacker would need the username plus the password in any case, salted or not. I don't understand the issue other than 'duh, if the hacker has the user name and the password, they can get in.'


So using this separate table approach, there would only be ONE column, and that would contain the HASH(UserID + Salt + Password)?


--
Mike Babcock, MCP
MB Software Solutions, LLC
President, Chief Software Architect
http://mbsoftwaresolutions.com
http://fabmate.com
http://twitter.com/mbabcock16
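
The single-column scheme asked about above, sketched as an added example (not code from the thread or its participants). It assumes a per-user salt kept in the user table, swaps PBKDF2 in for the bare HASH(), and contrasts the result with a table of password-only hashes; all names are hypothetical and the passwords are constructed.

```python
import hashlib
import os

ITERATIONS = 200_000  # assumption: PBKDF2 replaces the thread's bare HASH()


class CredentialStore:
    def __init__(self):
        self.salts = {}            # user table: user_id -> per-user salt (assumed layout)
        self.tokens = set()        # separate table with ONE column: the hash
        self.naive_tokens = set()  # weak variant: unsalted hash of the password alone

    def _token(self, user_id, salt, password):
        # Length-prefix the user id so ("ab", "c") and ("a", "bc") cannot collide.
        uid, pw = user_id.encode(), password.encode()
        material = len(uid).to_bytes(4, "big") + uid + pw
        return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)

    def register(self, user_id, password):
        salt = os.urandom(16)
        self.salts[user_id] = salt
        self.tokens.add(self._token(user_id, salt, password))
        self.naive_tokens.add(hashlib.sha256(password.encode()).digest())

    def verify(self, user_id, password):
        # Unknown users still cost one derivation, using a throwaway salt.
        salt = self.salts.get(user_id) or os.urandom(16)
        return self._token(user_id, salt, password) in self.tokens

    def naive_verify(self, user_id, password):
        # Weak: any password already in the table passes for any known user.
        digest = hashlib.sha256(password.encode()).digest()
        return user_id in self.salts and digest in self.naive_tokens


if __name__ == "__main__":
    store = CredentialStore()
    store.register("alice", "constructed-pw-1")
    store.register("bob", "constructed-pw-2")
    store.register("carol", "constructed-pw-1")  # same password as alice
    print("distinct rows, salted:", len(store.tokens))
    print("distinct rows, unsalted:", len(store.naive_tokens))
    print("bob + alice's password, salted:", store.verify("bob", "constructed-pw-1"))
    print("bob + alice's password, unsalted:", store.naive_verify("bob", "constructed-pw-1"))
```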
