on 23/03/03 2:02 AM, [EMAIL PROTECTED] ([EMAIL PROTECTED]) wrote:

> On 23 Mar 2003 Justin French wrote:
>
>> I just md5() the passwords, and reset them if needed... rather than
>> retrieving. The advantage for me on this is that it's portable... md5() is
>> part of the base PHP install, whereas the mcrypt stuff isn't (or wasn't).
>
> Something like that was my inclination as it seems simpler.
>
> One could also md5 the combined user / PW string, so the hash doesn't
> correspond to a single password.
>
> Do you know why there is all the stuff in the docs about using random
> salts? That didn't make much sense to me.

That's in the user notes... ignore it... md5() does not have to be salted...
in fact, you WANT the md5() to be static... because you will compare the
md5()'d password in the database with the md5()'d password that they submit
on a form.

Justin

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
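
Added example, not part of the original thread or of the PHP documentation: it runs the form-versus-database comparison discussed above twice, once with a static md5() and once with a per-user random salt stored next to the hash, which is what the salt notes in the docs refer to. The function names and the sample users and passwords are constructed for illustration.

```php
<?php
// Constructed sample data: two users who happen to pick the same password.
$users = ['alice' => 'sunshine1', 'bob' => 'sunshine1'];

// Scheme from the thread: a static, unsalted md5() of the password.
function store_unsalted(string $password): string {
    return md5($password);
}

// Per-user random salt, kept in the stored record next to the hash.
// The salt is not secret; it only has to differ from user to user.
function store_salted(string $password): string {
    $salt = bin2hex(random_bytes(16));
    return $salt . ':' . md5($salt . $password);
}

// Login check: read the salt back from the record, recompute the hash
// over salt + submitted password, and compare in constant time.
function verify_salted(string $password, string $stored): bool {
    [$salt, $hash] = explode(':', $stored, 2);
    return hash_equals($hash, md5($salt . $password));
}

$unsalted = $salted = [];
foreach ($users as $name => $pw) {
    $unsalted[$name] = store_unsalted($pw);
    $salted[$name]   = store_salted($pw);
}

// Unsalted: equal passwords produce equal rows, so a single precomputed
// hash lookup reveals the password of every account that shares it.
var_dump($unsalted['alice'] === $unsalted['bob']);

// Salted: the same password yields different stored values per user,
// and the comparison at login still works because the salt is stored.
var_dump($salted['alice'] === $salted['bob']);
var_dump(verify_salted('sunshine1', $salted['bob']));
var_dump(verify_salted('wrong-guess', $salted['bob']));

// PHP's built-in password API generates and embeds the salt itself and
// uses a deliberately slow algorithm instead of md5().
$modern = password_hash('sunshine1', PASSWORD_DEFAULT);
var_dump(password_verify('sunshine1', $modern));
```

The md5() calls are kept only to mirror the scheme in the thread; password_hash() and password_verify() are the functions to use in new code.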