H
harbourlights89
Guest
Up until recently my personal philosophy on password security has been pretty lax. No-one would care enough to try and hack my website anyway. But I have decided it's something I should know so I spent the morning reading up on it.
Found a lot of really great (and complicated) scripts and ideas, but what I'm doing right now really doesn't warrant that kind of effort.
So I've gone for a basic $pass1 = md5($salt1.$setpassword.$salt2); approach.
Then on a whim I decided to add in: $pass = substr($pass1, 0, -2);
I'm just wondering if doing that actually makes much of a difference? I'm saving the hash in a cookie so the saved hash will be missing the last two characters. Does this make it even harder to decrypt properly? Because theoretically in my mind it does, but I'm not entirely sure if it works in the real world.
Found a lot of really great (and complicated) scripts and ideas, but what I'm doing right now really doesn't warrant that kind of effort.
So I've gone for a basic $pass1 = md5($salt1.$setpassword.$salt2); approach.
Then on a whim I decided to add in: $pass = substr($pass1, 0, -2);
I'm just wondering if doing that actually makes much of a difference? I'm saving the hash in a cookie so the saved hash will be missing the last two characters. Does this make it even harder to decrypt properly? Because theoretically in my mind it does, but I'm not entirely sure if it works in the real world.