[eluser]Yorick Peterse[/eluser]
[quote author="Roobiz" date="1280168724"][quote author="maltzurra" date="1280151085"]Interesting library, good job. But to be honest, there are some pieces of code I don't like at all.
Like the way "remember me" cookies are being stored. I would NOT recommend storing your password in cookies, even when it's sha1() encrypted. Concat fields, use salts, tokens... Whatever you prefer, but storing the password in a file this way is just so risky.
Great job anyway [/quote]
For me $rmbcode = sha1(sha1(password + salt));
Well it's not very good but not too bad at all... The way to reverse a sha1 is not very easy so...[/quote]
Double hashing isn't actually more secure than hashing something once. You'd be better off using a secret key (a very long one, that is) and a hashing algorithm such as sha512.
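
Added example, not part of the original posts or of the library under discussion: one way to build a "remember me" cookie along the lines suggested in this thread, using a random token instead of anything derived from the password and keying the stored value with a server secret via HMAC-SHA512. `SERVER_KEY`, the function names and the in-memory `$db` array are assumptions made for illustration.

```php
<?php
// Added example. SERVER_KEY and the function names are hypothetical;
// in a real deployment the key is loaded from configuration, not source code.
const SERVER_KEY = 'constructed-sample-key-replace-with-64-random-bytes';

// Issue a token: the cookie carries only random data, never the password
// or a hash of it. The server stores an HMAC of the token, not the token.
function issue_remember_token(int $userId, int $ttl = 1209600): array
{
    $selector = bin2hex(random_bytes(9));   // lookup key for the database row
    $token    = bin2hex(random_bytes(32));  // secret half, sent to the browser only
    return [
        'cookie' => $selector . ':' . $token,
        'row'    => [
            'selector'   => $selector,
            'user_id'    => $userId,
            'token_hmac' => hash_hmac('sha512', $token, SERVER_KEY),
            'expires'    => time() + $ttl,
        ],
    ];
}

// Verify a presented cookie against the stored rows; returns the user id or null.
function check_remember_cookie(string $cookie, array $rowsBySelector): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;                         // malformed cookie
    }
    [$selector, $token] = $parts;
    $row = $rowsBySelector[$selector] ?? null;
    if ($row === null || $row['expires'] < time()) {
        return null;                         // unknown selector or expired token
    }
    $expected = hash_hmac('sha512', $token, SERVER_KEY);
    // hash_equals compares in constant time to avoid a timing side channel.
    return hash_equals($row['token_hmac'], $expected) ? $row['user_id'] : null;
}

// Constructed demo: an in-memory array stands in for the database table.
$issued = issue_remember_token(42);
$db = [$issued['row']['selector'] => $issued['row']];
var_dump(check_remember_cookie($issued['cookie'], $db));        // untouched cookie
var_dump(check_remember_cookie($issued['cookie'] . 'x', $db));  // tampered token
```

Because the cookie value is unrelated to the password, a stolen cookie can be revoked by deleting its row, and a leaked table of `token_hmac` values cannot be replayed as cookies.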