Larry Ullman's Book Forums

vr_driver


  1. Hi Larry, Thanks for your honest answers. I'll go and have a look at that article, and I appreciate your feedback on this. Cheers, Steve
  2. Hi Larry, I've been starting to think about this topic recently (with all the recent hacking and stuff), and although I'm no expert in this field, I was a little surprised to read about storing the salt in the database. If a hacker stole the database, they'd be able to find the salt right there, and work their magic... As an ignoramus at this, would it be better to use the password as a salt, such as this?

     $password = "banana";
     $salt = sha1(md5($password));
     $password = md5($password.$salt);

     I was looking at this page for the example: http://pbeblog.wordpress.com/2008/02/12/secure-hashes-in-php-using-salt/ I don't know how other people use the salt, but I would want to embed it in the files, or store it either... I thought about using values that were constant, or specifically related to the user, e.g. the username, an id number etc., but all these could still "in theory" change, and affect the salting of a password. So the only thing I could think of was to make a salt based on the password... What are your thoughts? I don't know what's in your 4th book, and maybe this has been addressed, or is a common question, I don't know. Just thought I'd ask some pros. Thanks, -Steve
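
The trade-off raised in the question above, as an added example (not code from the original posts or from the book): it compares the password-derived salt with a random per-user salt stored alongside the hash, using PHP's built-in password_hash() and password_verify(). The account names and passwords are constructed sample data, and shared_hash_groups() is a hypothetical helper.

```php
<?php
// Added example. Account names, passwords and helper names are constructed for illustration.

// The scheme from the post: the "salt" is a pure function of the password,
// so the whole computation behaves like an unsalted hash of the password.
function password_derived_hash(string $password): string
{
    $salt = sha1(md5($password));
    return md5($password . $salt);
}

// Hypothetical audit helper: group account names by identical stored value.
function shared_hash_groups(array $stored): array
{
    $groups = [];
    foreach ($stored as $name => $hash) {
        $groups[$hash][] = $name;
    }
    // Keep only values that are stored for more than one account.
    return array_values(array_filter($groups, fn($names) => count($names) > 1));
}

// Constructed sample accounts: two users happen to choose the same password.
$users = ['alice' => 'banana', 'bob' => 'banana', 'carol' => 'cherry'];

$derived = [];
$random = [];
foreach ($users as $name => $password) {
    $derived[$name] = password_derived_hash($password);
    // password_hash() draws a fresh random salt on every call and embeds it,
    // with the algorithm and cost, in the string that goes into the database.
    $random[$name] = password_hash($password, PASSWORD_DEFAULT);
}

echo "Accounts sharing a stored value (password-derived salt): ",
    json_encode(shared_hash_groups($derived)), "\n";
echo "Accounts sharing a stored value (random per-user salt):  ",
    json_encode(shared_hash_groups($random)), "\n";

// The salt is read back from the stored string, so verification needs no secret salt.
echo "Login check with the correct password: ",
    var_export(password_verify('banana', $random['bob']), true), "\n";
echo "Login check with a wrong password:     ",
    var_export(password_verify('cherry', $random['bob']), true), "\n";
```

With the password-derived salt, alice and bob get the same stored value, so the table itself reveals that they share a password and a single computation per guess covers every account. With a random salt the stored values differ even though each salt sits in plain view next to its hash.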