On Sunday 28 August 2005 21:59, Brion Vibber wrote:
Try: $password =
md5("{$user_id}-".md5($user_password));
How much safer this exactly is than simply md5($user_password)? I'm not a
cryptography expert, but I'd say not much, as someone who manages to read a
database will likely have usernames in addition to md5s, so it would not be
much harder to crack them (only twice as slow, it seems to me).