4 comments

[ 3.4 ms ] story [ 19.1 ms ] thread
1) Don't use anything fast (like md5) to hash your passwords. Use many-rounds of md5 or sha-1, or use something specifically designed for password hashing like eksblowfish

2) Don't escape your SQL, use parameterized queries

How good is md5 plus a 4-character (digits, actually, in the slides) salt?