[eluser]richwalkup[/eluser]
[quote author="jedd" date="1245209619"]I'd really like to ask my question again, but it might come across as though I'm taking the piss. Oh, bugger it.
Who has access to your hashed password list?
If your site allows people to hit a few million dictionary attacks an hour, then here's a clue - your problem is not the password encryption algorithm.
If you allow visibility of your password column in your table - your problem is not .. (etc).[/quote]
I asked myself the same question several times throughout the first page. If you have a weakness in your infrastructure that would allow access to your password store, you have way bigger issues than how you encrypt your passwords. Secondarily, I tend to use a combination of MD5 and SHA1 in various methods of split/concat/encrypt/encode so that the final product is a one-way hash of several other hashes so it's ridiculously unlikely to be broken even if it is hacked into. Also remember that NOTHING in cryptography is unbreakable - it's just a matter of time and effort.
