Originally Posted by iwearoddsocks
I'd disagree on the hacker thing because even if the hacker did have access to the database, and the like decoding method he still wouldnt be able to decode and md5
|
Sure they would - that's the purpose of rainbow tables. They'd simply take your unique key and encryption method and generate another table using the matching implementation.
Remember, it's not about decoding the passwords as such, it's more about understanding the way they were encrypted so you can use the same method and effectively "brute force" your way in.
if were talking about using this to protect users security but the site should be secure too so we dont have to take these methods ^_^
|
Absolutely, in terms of coding and the server security itself. Be aware though that SSL certificates only encrypt the connection between browser and server, and do nothing at all to make the data received or stored by the site any more secure - a misconception that many people have.