François Gannaz, on 23 November 2011 - 05:06 AM, said:
at 2011/11/22 09:18pm, yangmls wrote the comment:
That was a typo, I fixed it. Thanks.
Yes, we need to salt passwords, but that's not enough. What the library PHPass does is apply random salting, choose the best encryption algorithm available, iterate it a high number of times... What you propose is a good first step, but it is less secure than this library, whose author is a security expert, also the author of the famous "John the Ripper". And even your simple code isn't simpler than my suggested code that uses PHPass.
I'll update the article to explain in a few words what the library does.
Yes, I read the source of PHPass; I found it uses the PHP crypt function to encrypt and puts the encrypted password as the salt.
Yeah, you are right, but I just want to express the importance of salt.
Anyway, thank you for replying patiently.
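The three properties described in the first reply (a random per-password salt, a strong algorithm, and a high iteration count) and the detail noticed in the second one (the stored hash string is reused as the "salt" argument when verifying) can be shown together with PHP's own crypt() in bcrypt mode. This is an added example, not code from the original thread or from PHPass; the function names bcryptSetting, hashPassword and verifyPassword are made up for illustration, and it assumes PHP 7 or later for random_bytes() and scalar type hints.

```php
<?php
// Added example (not from the original post or from PHPass): a random
// per-password salt, bcrypt via crypt(), and a tunable cost (iteration count).

// Build a bcrypt setting string: "$2y$<cost>$" followed by 22 salt characters
// drawn from the alphabet ./A-Za-z0-9. The cost is log2 of the iteration count.
function bcryptSetting(int $cost = 12): string {
    // 16 random bytes give 24 base64 characters; bcrypt uses '.' where base64 uses '+'.
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $salt);
}

// Hash a password with a fresh random salt. The returned 60-character string
// embeds the algorithm id, the cost and the salt, so nothing else needs storing.
function hashPassword(string $password, int $cost = 12): string {
    $hash = crypt($password, bcryptSetting($cost));
    if (strlen($hash) !== 60) {
        // crypt() returns a short error string instead of a hash on failure.
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash;
}

// Verification re-runs crypt() with the stored hash as the setting string:
// crypt() reads the cost and salt back out of it, which is the behaviour the
// second reply observed in PHPass. hash_equals() avoids a timing side channel.
function verifyPassword(string $password, string $storedHash): bool {
    return hash_equals($storedHash, crypt($password, $storedHash));
}

// Demo with a constructed password.
$h1 = hashPassword('correct horse battery staple');
$h2 = hashPassword('correct horse battery staple');
var_dump($h1 !== $h2);                                         // random salt: different hashes
var_dump(verifyPassword('correct horse battery staple', $h1)); // true
var_dump(verifyPassword('wrong password', $h1));               // false
```

Raising the cost parameter doubles the work per guess for each increment, which is what "iterating it a high number of times" buys you against offline cracking; the same salt-plus-cost layout is also what PHP's later password_hash() and password_verify() functions wrap.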