Y
Hacker News
new
|
ask
|
show
|
jobs
by
deskpro
4593 days ago
if my memory is correct this is because they don't have access to $password; they get md5($password) from the client and to store that in the database with a salt need to run md5() again.
1 comments
leapius
4593 days ago
oh ok I thought the usual MO was:
if (md5(password + salt) == stored value) ..
link
Pxtl
4593 days ago
It is, but if you don't have the naked password available at the time that you got your hands on the salt? May as well still salt it.
link
if (md5(password + salt) == stored value) ..