He talks about it as a nightmare wich implies that storing emails/hashes is worse. I think that storing them is not more difficult, it is more convenient and secure (of course this is relative). But maybe I am missing…
please correct me if I'm wrong: you are not storing passwords, you are storing hashes & salts. One different long random salt for each password. In my database I store hashes obtained with Blowfish:…
Why people are so frightend of storing the salt & hash of the user password? May be I am mistaken but if the salt is unique for each hash it is almost imposible to recover the original password. Of course you must…
He talks about it as a nightmare wich implies that storing emails/hashes is worse. I think that storing them is not more difficult, it is more convenient and secure (of course this is relative). But maybe I am missing…
please correct me if I'm wrong: you are not storing passwords, you are storing hashes & salts. One different long random salt for each password. In my database I store hashes obtained with Blowfish:…
Why people are so frightend of storing the salt & hash of the user password? May be I am mistaken but if the salt is unique for each hash it is almost imposible to recover the original password. Of course you must…