phpass HAVE BEEN CRACKED! What is the solution? |
[eluser]Jondolar[/eluser]
[quote author="dmorin" date="1245373295"]Two points I want to make about @Jondolar's post. First, obfuscating the code, while effective against casual script kiddies, is still debugable and traceable be people with more than casual software dev experience and they would most likely still be able to figure out your hashing algorithm, so don't put too much hope that this will save you. Second, "obfuscate the random salt field" provides questionable additional security. See the following for a good discussion: http://stackoverflow.com/questions/53658...ord-hashes [/quote] I agree with your points. |
Welcome Guest, Not a member yet? Register Sign In |