Thread: "Seeding"
View Single Post
09-03-2008, 03:13 PM
 #10
JulesR is offline JulesR
Status: Member
Join date: Apr 2008
Location:
Expertise:
Software:
 
Posts: 129
iTrader: 0 / 0%
 

JulesR is on a distinguished road

  Old

Originally Posted by iwearoddsocks View Post
Woah, lengthy post, thanks

But if you had a unique salt per user for example based on their id and credentials then the md5 hash would become almost uncrackable right? even if the hacker had the files as you cant decode an md5 hash and a database would not have a match for it, plus it adds safety if your using cookies

Just my views, what do you think about it?
Nice idea, but it's the same situation. To generate your custom encrypted string, you'd need to code your registration system files to use their id and credentials. If an attacker got access to these files, they'd see the method you used and it'd only be a matter of time...

Obviously that's a hypothetical scenario, and depends hugely upon someone getting access to those files. I guess it just depends how paranoid you want to be Doing it via your method is certainly more secure than md5 hashing from a database perspective, anyway.