10-04-2007, 09:36 PM   #7
drego
Upright
 
Location: WA......somewhere....I hope......
I agree that the salt should be different for each password. Dilbert's spot on in that fact.

While we're sharing our schemas, the one that I'm currently a fan of is: first I append a random salt to the password so we have a <salt><password> string. From there I do a quick encryption of the string (Rijndael, static key / IV) and then hash it (SHA256).

The overhead isn't too bad at all, but I have not tested it with say....10000 simultaneous logins or anything.
__________________
There is no such thing as "Bug Free" software....there is only software with an acceptable (and documented) level of failure.

Hack the Planet!!!!
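
The per-password salt scheme discussed in this post, as an added example that is not part of the original post and is not drego's code: each password gets a fresh random salt in a <salt><password> string, a keyed HMAC-SHA256 stands in for the static-key Rijndael step (an assumption, so the block runs on the Python standard library alone), and the result is hashed with SHA-256. `STATIC_KEY`, the function names, and the PBKDF2 variant with its iteration count are assumptions added for comparison.

```python
import hashlib
import hmac
import os

# Constructed demo value standing in for the post's static Rijndael key (assumption).
STATIC_KEY = b"constructed-demo-key-not-a-real-secret"


def hash_password(password, salt=None):
    """Return (salt, digest) for <salt><password> -> keyed step -> SHA-256."""
    if salt is None:
        salt = os.urandom(16)  # new random salt for every stored password
    salted = salt + password.encode("utf-8")
    # HMAC-SHA256 with a static key replaces the Rijndael step (assumption).
    keyed = hmac.new(STATIC_KEY, salted, hashlib.sha256).digest()
    return salt, hashlib.sha256(keyed).digest()


def verify_password(password, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def hash_password_stretched(password, salt=None, iterations=600_000):
    """Same per-password salt, but PBKDF2 makes every guess cost many hashes."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


if __name__ == "__main__":
    # Constructed sample password; two users choosing it get unrelated records.
    salt_a, digest_a = hash_password("hunter2")
    salt_b, digest_b = hash_password("hunter2")
    print("same password, different records:", digest_a != digest_b)
    print("correct password verifies:", verify_password("hunter2", salt_a, digest_a))
    print("wrong password rejected:", not verify_password("hunter3", salt_a, digest_a))
```

The salt is stored next to the digest in the user record; only the static key is kept outside the database.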