Y
Hacker News
new
|
ask
|
show
|
jobs
by
leapius
4595 days ago
ugh, cos md5 squared is twice as secure as just once - why not md5 x 10 to be uber secure?
1 comments
deskpro
4595 days ago
if my memory is correct this is because they don't have access to $password; they get md5($password) from the client and to store that in the database with a salt need to run md5() again.
link
leapius
4595 days ago
oh ok I thought the usual MO was:
if (md5(password + salt) == stored value) ..
link
Pxtl
4595 days ago
It is, but if you don't have the naked password available at the time that you got your hands on the salt? May as well still salt it.
link