md5 | sha1

Posted: Sun Mar 20, 2011 3:19 pm

With regard to the creation of passwords/passkey, I like to see user details to aid in the creation of the stored passkey. For example, password and UserEmail (as salt) encrypted is a stored encrypted passkey. It would be unlikely to have 2 users who have the same password and email. Later if the email is changed, you could force a new password entry as well.

I think the security issues I have seen with regard to passwords is more along the lines of a very weak password, and not the way it was stored. A built in password generation would be a nice little feature. Forcing the use of stronger passwords would also be nice. Little Johny can have the best system on the backend, but if he uses aaa as a password, well... Little Johny will most likely be trying to sell pharmaceuticals Rolling Eyes

.

Involved Joined: Jul 03, 2006 Posts: 273

Eventually I would probably like to add individual unique salts which then have to be stored in table with users but as is what I have done should beef up security ten fold anyway.