On a semi-related note, I recommend storing the password hash as raw
binary data in the db instead of a hex string ... it'll take up half as
much space that way.
Jon
Scott Hill wrote:
On Tue, Apr 29, 2008 at 10:10 AM, Wade Preston Shearer <
[EMAIL PROTECTED]> wrote:
I have recently written a users class that will manage user accounts for
our various web applications and would like some feedback on how I was
generating, storing, and validating user passwords.
http://rafb.net/p/jW0XR647.html
I pity the poor sucker who tries to hack your passwords! I use sha1 now
instead of md5 for passwords. It means a bigger password column in the
database but for some reason it make me feel more sure. Maybe I'm just
insecure myself.
http://en.wikipedia.org/wiki/SHA1
http://us3.php.net/sha1
_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
