php - How should I incorporate the salt in my password hash? -

-

how stronger would

return sha1($salt.sha1($passwd));

be compared just:

return sha1($salt.$passwd);

$salt per-user string of length 12 consisting of strong random ascii.

it's twice strong, because attacker needs perform twice many sha1 calculations brute force attack.

of course, still not impressive. on other hand, doing sha1 5000 times in loop practical authorization, makes attacks take 5000 times longer - technique known key strengthening. is, however, poor man's substitute adaptible-cost hash algorithms jacco mentions.


Comments

Post a Comment

Popular posts from this blog

ruby - When to use an ORM (Sequel, Datamapper, AR, etc.) vs. pure SQL for querying -

-
a colleague of mine designing sql queries 1 below produce reports, displayed in excel files through external data query. @ present, reporting processes on db required (no crud operations). i trying convince him better use ruby orm in order able display data in rails/sinatra app. despite obvious advantages in displaying data, advantages there him in learning use orm sequel or datamapper? the sql queries writing quite complex, , being relatively new sql, complains time-consuming , confusing. possible write extremely complex queries orm? , if so, suitable(i have heard sequel legacy dbs)? , advantages of learning ruby , using orm versus sticking plain sql, in making complex database queries? i'm datamapper maintainer, , think complex reporting should use sql. while think someday we'll have dsl provides power , conciseness of sql, i've seen far requires write more ruby code sql complex queries. rather maintain 5 line sql query 10-15 lines of ruby code desc...
Read more

php - PHPDoc: @return void necessary? -

-
is necessary this: /** * ... * * @return void */ i have quite few methods don't have return value, , seems redundant put in comment. considered bad form leave out? if makes clear documentation, leave in, isn't strictly necessary. it's entirely subjective decision. personally, leave out. edit stand corrected. after little googling, wikipedia page says: @return [type description] tag should not used constructors or methods defined void return type. the phpdoc.org website says: @return datatype description @return datatype1|datatype2 description the @return tag used document return value of functions or methods. @returns alias @return support tag formats of other automatic documentors the datatype should valid php type (int, string, bool, etc), class name type of object returned, or "mixed". if want explicitly show multiple possible return types, list them pipe-delimited without spaces (e.g. "@retur...
Read more

c++ - Convert big endian to little endian when reading from a binary file -

-
this question has answer here: how convert between big-endian , little-endian values in c++? 28 answers i've been looking around how convert big-endian little-endians. didn't find solve problem. seem there's many way can conversion. anyway following code works ok in big-endian system. how should write conversion function work on little-endian system well? this homework, since systems @ school running big-endian system. it's got curious , wanted make work on home computer also #include <iostream> #include <fstream> using namespace std; int main() { ifstream file; file.open("file.bin", ios::in | ios::binary); if(!file) cerr << "not able read" << endl; else { cout << "opened" << endl; int i_var; double d_var; while(!file.eof()) {...
Read more