Previously Dan Korostelev wrote:
> Yeah, that's definetely a mistake! The hash needs to be generated
> using both salt and password.
> 
> Also, I saw a technique when you generate a hash using double hashing,
> like this: sha(sha(password) + salt).hexdigest(). It looks even more
> secure :)

Why would it make things more secure?

Wichert.

-- 
Wichert Akkerman <wich...@wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to