phpass HAVE BEEN CRACKED! What is the solution? |
[eluser]dmorin[/eluser]
Two points I want to make about @Jondolar's post. First, obfuscating the code, while effective against casual script kiddies, is still debugable and traceable be people with more than casual software dev experience and they would most likely still be able to figure out your hashing algorithm, so don't put too much hope that this will save you. Second, "obfuscate the random salt field" provides questionable additional security. See the following for a good discussion: http://stackoverflow.com/questions/53658...ord-hashes Overall, very good points though |
Welcome Guest, Not a member yet? Register Sign In |