webscriptz.be
Hi everybody,
I'm attempting to create a custom user login system with CI for a rather large application. Because of the fact that it will be used by others and that I will be responsible, I want to use additional security, and I want your take on it.
What I was thinking to do:
1. SALT string of 512 chars
2. login system:
I ask username - password - pincode (8 digits max)
3. password construction for encryption:
plain encryption with sha1 of pincode
SALT + password + sha1(pincode) + SALT
4. password encryption with Cipher AES (as CI uses it by default)
Does anybody have other ideas for protection? Or would you like it as a user/owner?
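
Added example, not part of the original post and not the poster's code: steps 3 and 4 as described above, next to a one-way alternative built on PHP's `password_hash()`, to show that an AES-encrypted value gives the password back to anyone holding the application key while a password hash does not. Assumptions: the function names are hypothetical, `openssl_encrypt()` with AES-256-CBC stands in for CI's encryption library, the `:` join of password and pincode is an arbitrary choice, and the salt, key and credentials are constructed sample values.

```php
<?php
// Added example; SALT, key and credentials below are constructed sample values.
const SITE_SALT = 'constructed-site-wide-salt'; // the post proposes 512 chars

// Steps 3-4 of the post: SALT + password + sha1(pincode) + SALT, then AES.
// Assumption: openssl AES-256-CBC stands in for CI's encryption library.
function post_scheme_store(string $password, string $pin, string $key): string
{
    $plain = SITE_SALT . $password . sha1($pin) . SITE_SALT;
    $iv = random_bytes(16);
    $ct = openssl_encrypt($plain, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    return base64_encode($iv . $ct);
}

// Encryption is reversible: the application key turns a stored value back into the password.
function post_scheme_recover(string $stored, string $key): string
{
    $raw = base64_decode($stored);
    $plain = openssl_decrypt(
        substr($raw, 16), 'aes-256-cbc', $key, OPENSSL_RAW_DATA, substr($raw, 0, 16)
    );
    // Drop the known salt at both ends, then the 40 hex characters of sha1(pincode).
    $inner = substr($plain, strlen(SITE_SALT), -strlen(SITE_SALT));
    return substr($inner, 0, -40);
}

// One-way alternative: password_hash() adds a random per-user salt and a work factor.
// Assumption: password and pincode are joined with ':' before hashing.
function hashed_store(string $password, string $pin): string
{
    return password_hash($password . ':' . $pin, PASSWORD_DEFAULT);
}

function hashed_verify(string $password, string $pin, string $stored): bool
{
    return password_verify($password . ':' . $pin, $stored);
}

$key = random_bytes(32);
$stored = post_scheme_store('correct horse', '12345678', $key);
echo "recovered from AES value: ", post_scheme_recover($stored, $key), "\n";

$h1 = hashed_store('correct horse', '12345678');
$h2 = hashed_store('correct horse', '12345678');
echo "same credentials, distinct hashes: ", var_export($h1 !== $h2, true), "\n";
echo "correct pincode verifies: ", var_export(hashed_verify('correct horse', '12345678', $h1), true), "\n";
echo "wrong pincode verifies: ", var_export(hashed_verify('correct horse', '00000000', $h1), true), "\n";
```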