Scroll down to this too,
string hashedPass = MD5(aComplicatedSaltString + password);
Which is a comment someone made about adding in extra, not just the password, perhaps a user name too. This will make the string more complicated, and thus add a bit more security.
I saw another site once which I cannot find any more. It mentioned about creating what I believe was basically a salt and making that salt a random guid. The random guid is stored in the database in a separate field.
What was the purpose of this? That particular example was looking at a database which has a lot of similar rows. If you saw the rows in the database you would be able to see which fields were the same between rows because the hash values would match. If you add in a salt the data could be the same between rows, but their hash values would be different.
Here is similar code,
You can also use AES to hash information into product keys,
No comments:
Post a Comment