On 23 Mar 2003 Justin French wrote: > I just md5() the passwords, and reset them if needed... rather than > retrieving. The advantage for me on this is that it's portable... md5() is > part of the base PHP install, whereas the mcrypt stuff isn't (or wasn't).
Something like that was my inclination as it seems simpler. One could also md5 the combined user / PW string, so the hash doesn't correspond to a single password. Do you know why there is all the stuff in the docs about using random salts? That didn't make much sense to me. ---------- Tom Rawson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
