Login Controller/Model |
[eluser]eedfwChris[/eluser]
[quote author="tonanbarbarian" date="1196261609"]To salt the password you have a config option that is the salt string. You then add the salt to the plain text before you encrypt i.e. $hash = md5($this->config->item('password_salt').$password);[/quote] I think he missed your salt addition... It is highly recommended that you also add a "SALT" (see Salt) to your password (or even md5 string) otherwise the password could easily be cracked using Rainbow tables (see Rainbow Tables). Storing JUST a md5 (or sha1) only slightly makes cracking more difficult. Adding a "SALT" usually renders a rainbow table useless. |
Messages In This Thread |
Login Controller/Model - by El Forum - 11-27-2007, 08:14 PM
Login Controller/Model - by El Forum - 11-28-2007, 12:29 AM
Login Controller/Model - by El Forum - 11-28-2007, 01:43 AM
Login Controller/Model - by El Forum - 11-28-2007, 02:53 AM
Login Controller/Model - by El Forum - 11-28-2007, 03:21 AM
Login Controller/Model - by El Forum - 11-28-2007, 06:14 PM
Login Controller/Model - by El Forum - 11-28-2007, 06:23 PM
Login Controller/Model - by El Forum - 11-28-2007, 09:21 PM
Login Controller/Model - by El Forum - 11-28-2007, 10:53 PM
Login Controller/Model - by El Forum - 11-30-2007, 08:05 AM
|