Going from unsalted to salted MD5 passwords

臣服心动 2021-02-07 02:56

I have a LAMP (PHP) website which is becoming popular.

I played it safe by storing the user passwords as md5 hashes.

But I now see that's not secure; I should h

12 answers
  •  闹比i (original poster)
    2021-02-07 03:55

    Why not add a new column new_pwd to your user table, which stores the result of md5($originallyHashOfPwd . $salt). You can then precompute new_pwd and once that's done adjust your login checking to compare the result of md5(md5($entered_pwd) . $salt) to what's in new_pwd. Once you're done switching your login checking, delete the old column.

    That should stop rainbow-table style attacks.
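
The migration described in this answer, as an added PHP example that is not part of the original post. The $users array (standing in for the user table), the salt column and the random per-user salt are assumptions, and the rows are constructed sample data.

```php
<?php
// Constructed sample rows: 'pwd' holds the legacy unsalted md5 hash.
$users = [
    'alice' => ['pwd' => md5('correct horse')],
    'bob'   => ['pwd' => md5('hunter2')],
    'carol' => ['pwd' => md5('hunter2')],   // same password as bob
];

// Step 1: precompute new_pwd = md5(old_hash . salt).
// The plaintext is not needed, so every account migrates in one pass.
function migrate_row(array $row): array
{
    $salt = bin2hex(random_bytes(16));      // assumption: random salt per user
    return [
        'salt'    => $salt,
        'new_pwd' => md5($row['pwd'] . $salt),
    ];                                      // the old 'pwd' column is dropped
}

// Step 2: the login check compares md5(md5(entered) . salt) with new_pwd.
function check_login(array $users, string $name, string $entered): bool
{
    if (!isset($users[$name])) {
        return false;                       // unknown user
    }
    $row = $users[$name];
    $candidate = md5(md5($entered) . $row['salt']);
    return hash_equals($row['new_pwd'], $candidate);   // constant-time compare
}

// array_map keeps the string keys when given a single array.
$users = array_map('migrate_row', $users);

var_dump(check_login($users, 'alice', 'correct horse'));  // right password
var_dump(check_login($users, 'alice', 'hunter2'));        // wrong password
var_dump(check_login($users, 'dave', 'anything'));        // user not in table

// Identical passwords no longer produce identical stored values.
var_dump($users['bob']['new_pwd'] !== $users['carol']['new_pwd']);
```

The same wrap-the-stored-hash step works with password_hash() and password_verify() in place of the outer md5(), which adds a work factor that md5 lacks.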
