17 Jan
2009
17 Jan
'09
7:47 p.m.
Previously Dan Korostelev wrote:
Yeah, that's definetely a mistake! The hash needs to be generated using both salt and password.
Also, I saw a technique when you generate a hash using double hashing, like this: sha(sha(password) + salt).hexdigest(). It looks even more secure :)
Why would it make things more secure? Wichert. -- Wichert Akkerman <wichert@wiggy.net> It is simple to make things. http://www.wiggy.net/ It is hard to make things simple.