Mark Baker


Community Reputation

0 Neutral

About Mark Baker

  • Rank
    Prolific Member
  • Birthday 12/19/1960

Profile Information

  • Location
    Wigan, NW England
  1. I use ripemd128 with a binary salt derived from one element of non-displayed user information from the user record in the DB (Creation date/timestamp as binary) and one piece of information from the server environment. It serves me, and has passed a number of security audits.
  2. There's not really much point in setting passwords if the users can simply click a link and change them without doing something to prove who they are... But I seem to recall an early version of Windows Lite called "Joe" which used exactly that principle. If the user got their password wrong three times in succession, it assumed they'd forgotten it and allowed them to simply reset it.
  3. Correct, a hashed password has to be reset (issuing a new password) if the user forgets it.
  4. You can make it even harder by introducing a level of bitwise logic: $encryptedPassword = md5(md5(sha1($plainTextPassword))) ^ md5(sha1(md5($plainTextPassword)));