The server now uses salting and SHA-1 hashing for the passwords, just to be sure that no sensitive data can be salvaged should my database ever get hacked. In the USA some website was fined $250,000 for losing plain-text passwords. Although I am living in a less insane jurisdiction than the US, it's better to be safe than sorry. It's also a matter of responsibility.
The salt is the string representation of a randomly generated GUID, so it's very unlikely that someone has a rainbow table for it.
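The scheme described above, written out as an added example (this is not the post's own server code): a per-user salt taken from a random GUID and a SHA-1 digest over salt and password. The concatenation order, the UTF-8 encoding and the hardened PBKDF2 variant shown beside it are my assumptions and additions, not details the post states.

```python
import hashlib
import hmac
import uuid


def new_salt() -> str:
    """Per-user salt: the string representation of a random (v4) GUID, as in the post."""
    return str(uuid.uuid4())


def sha1_salted(password: str, salt: str) -> str:
    """The post's scheme: SHA-1 over salt + password (order/encoding assumed here)."""
    return hashlib.sha1((salt + password).encode("utf-8")).hexdigest()


def store_sha1(password: str) -> dict:
    """Create the record a server would persist: the salt and the salted digest."""
    salt = new_salt()
    return {"salt": salt, "hash": sha1_salted(password, salt)}


def verify_sha1(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt; compare_digest avoids a timing side channel."""
    return hmac.compare_digest(record["hash"], sha1_salted(candidate, record["salt"]))


# Hardened variant (added, not from the post): the same GUID salt, but run through a
# deliberately slow KDF. A unique salt defeats precomputed tables, yet SHA-1 is so fast
# that a leaked record can still be guessed at very high rates; the iteration count is
# what makes each guess expensive for whoever steals the database.
PBKDF2_ITERATIONS = 600_000  # assumed default; tune to the server's latency budget


def store_pbkdf2(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    salt = new_salt()
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt.encode("utf-8"), iterations)
    # Store the iteration count alongside the hash so it can be raised later.
    return {"salt": salt, "iterations": iterations, "hash": dk.hex()}


def verify_pbkdf2(record: dict, candidate: str) -> bool:
    dk = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                             record["salt"].encode("utf-8"), record["iterations"])
    return hmac.compare_digest(record["hash"], dk.hex())
```

Storing the same password twice yields two different records because each gets its own GUID salt, which is the property that makes a single rainbow table useless against the whole table.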