I am in the process of upgrading the security level of my site.
When researching the best method to store passwords, I found the BCRYPT option in PHP 5.3. I have implemented this function to use a static SALT; however, I read that each password should have a different SALT or it defeats the purpose.
Should I store the SALT in the database with the user record in plain text? Does this defeat the purpose as well? Or should I hash the salt using md5 and store it in the database?
What is the best method when implementing this and storing SALTs?
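
An added example, not part of the original post: per-password salts with PHP's `crypt()` in bcrypt mode, where the random salt and the cost are carried unencrypted inside the 60-character hash string, so a single column holds everything needed for verification. The function names are hypothetical, and the `$2y$` prefix assumes PHP 5.3.7 or later.

```php
<?php
// Added example; helper names are hypothetical. Assumes PHP 5.3.7+ for "$2y$".

function make_bcrypt_salt() {
    // 16 random bytes mapped to 22 chars of bcrypt's "./A-Za-z0-9" alphabet
    $raw = openssl_random_pseudo_bytes(16, $strong);
    if ($raw === false || !$strong) {
        throw new RuntimeException('no strong random source available');
    }
    return substr(strtr(base64_encode($raw), '+', '.'), 0, 22);
}

function hash_password($password, $cost = 10) {
    // A fresh salt on every call: identical passwords get different hashes
    $setting = sprintf('$2y$%02d$%s', $cost, make_bcrypt_salt());
    $hash = crypt($password, $setting);
    if (!is_string($hash) || strlen($hash) !== 60) {
        throw new RuntimeException('bcrypt hashing failed');
    }
    return $hash; // store this one string in the user record
}

function verify_password($password, $stored) {
    // crypt() reads the cost and salt back out of the stored hash itself
    $check = crypt($password, $stored);
    if (!is_string($check) || strlen($check) !== strlen($stored)) {
        return false; // covers crypt() failure markers such as "*0"
    }
    // Constant-time comparison (hash_equals() is not available on PHP 5.3)
    $diff = 0;
    for ($i = 0; $i < strlen($stored); $i++) {
        $diff |= ord($check[$i]) ^ ord($stored[$i]);
    }
    return $diff === 0;
}

// Constructed sample: the same password hashed for two users
$a = hash_password('correct horse battery staple');
$b = hash_password('correct horse battery staple');
echo $a, "\n", $b, "\n";
echo 'salt embedded in first hash: ', substr($a, 7, 22), "\n";
var_dump($a !== $b);                                          // different salts
var_dump(verify_password('correct horse battery staple', $a)); // matches
var_dump(verify_password('wrong guess', $a));                  // rejected
```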