Welcome Guest, Not a member yet? Register   Sign In
Login Controller/Model
#6

[eluser]eedfwChris[/eluser]
[quote author="tonanbarbarian" date="1196261609"]To salt the password you have a config option that is the salt string.
You then add the salt to the plain text before you encrypt
i.e.

$hash = md5($this->config->item('password_salt').$password);[/quote]

I think he missed your salt addition...

It is highly recommended that you also add a "SALT" (see Salt) to your password (or even md5 string) otherwise the password could easily be cracked using Rainbow tables (see Rainbow Tables). Storing JUST a md5 (or sha1) only slightly makes cracking more difficult.

Adding a "SALT" usually renders a rainbow table useless.


Messages In This Thread
Login Controller/Model - by El Forum - 11-27-2007, 08:14 PM
Login Controller/Model - by El Forum - 11-28-2007, 12:29 AM
Login Controller/Model - by El Forum - 11-28-2007, 01:43 AM
Login Controller/Model - by El Forum - 11-28-2007, 02:53 AM
Login Controller/Model - by El Forum - 11-28-2007, 03:21 AM
Login Controller/Model - by El Forum - 11-28-2007, 06:14 PM
Login Controller/Model - by El Forum - 11-28-2007, 06:23 PM
Login Controller/Model - by El Forum - 11-28-2007, 09:21 PM
Login Controller/Model - by El Forum - 11-28-2007, 10:53 PM
Login Controller/Model - by El Forum - 11-30-2007, 08:05 AM



Theme © iAndrew 2016 - Forum software by © MyBB