Posted: Wed Aug 24, 2005 12:18 am
We store our passwords in an MD5-style password hash that the PHP crypt function provides. It takes a 13-character salt.
My friend and co-worker brought up a good discussion with me. The discussion was: what if the database were to be compromised? Could the passwords be cracked? The answer: yes, a dictionary/brute-force cracker, like John the Ripper, could be used to crack as many passwords as possible. In a database with over 1 million passwords, a percentage of them are crackable, probably a large percent.
So, the idea of using a different algorithm to store passwords came up. What if we used: