I do the same thing, but if they can get to your code, they can discern how you get your salt. I guess that is the upshot of what Mark was saying. If they cannot get to your code however and read it, then it seems safe enough for me. My salts are dynamically generated using a method only I know, so even if someone were able somehow to crack one password, it wouldn't work with any of the others.
Bob S > On Jun 6, 2018, at 12:10 , Tom Glod via use-livecode > <use-livecode@lists.runrev.com> wrote: > > i don't currently use a hardcoded salt..... but i generate a salt from > unique data that binds to the password and the user. > > > your participation in these topics is much appreciated. cheers _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
