On 12/11/12 4:29 PM, MB Software Solutions, LLC wrote: > On 12/11/2012 7:22 PM, Ed Leafe wrote: >> You can see that without the salt, the hashes are identical. It wouldn't >> be too >> tough to determine the password using rainbow tables. But with the salt, >> there is >> nothing to suggest that Alice and Bob's passwords are the same. > > > Ok but how then on subsequent logins do you add the correct salt to make sure > the > comparison is accurate for their login access into the system?
The unique salt is saved in the user table. When the user changes their password, a new unique salt is generated. Paul _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
