$salt = substr(md5(mt_rand()), 0, 4);
sha1(sha1(strtolower($username) . $password) . $salt)
Sc00bz wrote: It's stored in the database like this:
sha1(strtolower($username) . $password)
The session cookie is stored as (this is because they are dumb):
$salt = substr(md5(mt_rand()), 0, 4);
sha1(sha1(strtolower($username) . $password) . $salt)
There is a problem: the salt is only on the server, so you would need to brute force the four hex characters of salt too. Well, that and it's 2 SHA1s instead of one SHA1.
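A hardened counterpart to the scheme quoted above, as an added example that is not part of the thread or the forum software's code: password storage with PHP's `password_hash` and a session cookie that is a random token unrelated to the password. The function names and sample credentials are constructed for illustration.

```php
<?php
// Added example: not code from the thread or from the forum software.

// Scheme as described in the thread, kept only for comparison.
function legacy_stored_hash(string $username, string $password): string
{
    return sha1(strtolower($username) . $password);
}

function legacy_cookie(string $storedHash, string $salt): string
{
    return sha1($storedHash . $salt);
}

// Hardened storage: slow hash with a random per-user salt embedded in the output.
function hardened_password_hash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Hardened session: CSPRNG token unrelated to the password.
// The cookie carries the token; the server keeps only its SHA-256.
function issue_session(): array
{
    $token = bin2hex(random_bytes(32));
    return ['cookie' => $token, 'stored' => hash('sha256', $token)];
}

function session_is_valid(string $cookie, string $stored): bool
{
    return hash_equals($stored, hash('sha256', $cookie));
}

// Constructed sample values.
$user = 'Alice';
$pass = 'constructed-sample-password';

// Legacy: the cookie is a function of the database hash and a 4-hex-char salt.
$salt = substr(md5((string) mt_rand()), 0, 4);
$legacy = legacy_cookie(legacy_stored_hash($user, $pass), $salt);
printf("legacy cookie %s, salt space %d values\n", $legacy, 16 ** 4);

// Hardened: check the password against the slow hash, then issue a random session.
$hash = hardened_password_hash($pass);
var_dump(password_verify($pass, $hash));
$session = issue_session();
var_dump(session_is_valid($session['cookie'], $session['stored']));
var_dump(session_is_valid($legacy, $session['stored']));
```

With the hardened version a leaked cookie or a leaked session table reveals nothing derived from the password, and changing the password does not require the cookie format to change.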