bronco
Guest
No, I didn't misunderstand.
The generic part is for example a GUID. You can store this in your sources (say in the generic_salt variable). The user record has a salt field (also with a GUID). Now the actual salt you use for your MESSAGE-DIGEST function is: generic_salt + user.salt (= combined_salt). That's what I meant with f(). Now the actual hashing is done with MESSAGE-DIGEST("sha-512", password, combined_salt). This way the crooks still don't have all the needed info if they steal your database. Rainbow tables are not going to work either.
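The scheme described in the post, written out as an added example (not code from the poster): a generic salt kept in the sources, a per-user salt kept in the user record, the two concatenated into the combined salt, and SHA-512 run over password plus combined salt. The GUID value, the function names and the use of Python's hashlib are assumptions of this example.

```python
import hashlib
import hmac
import uuid

# Constructed stand-in for the GUID the post keeps in the application sources
# (the generic_salt); a real deployment would use its own value, never this one.
GENERIC_SALT = "3f8a1b2c-7d6e-4a5b-9c0d-1e2f3a4b5c6d"


def new_user_salt() -> str:
    """Per-user salt stored in the user record (a fresh GUID, as in the post)."""
    return str(uuid.uuid4())


def combined_salt(generic_salt: str, user_salt: str) -> str:
    """The f() from the post: generic_salt + user.salt."""
    return generic_salt + user_salt


def hash_password(password: str, user_salt: str,
                  generic_salt: str = GENERIC_SALT) -> str:
    """MESSAGE-DIGEST("sha-512", password, combined_salt), as hex."""
    salt = combined_salt(generic_salt, user_salt)
    digest = hashlib.sha512((salt + password).encode("utf-8"))
    return digest.hexdigest()


def verify_password(password: str, user_salt: str, stored_hash: str,
                    generic_salt: str = GENERIC_SALT) -> bool:
    """Recompute the digest and compare in constant time."""
    candidate = hash_password(password, user_salt, generic_salt)
    return hmac.compare_digest(candidate, stored_hash)


if __name__ == "__main__":
    # Constructed user record: the salt lives next to the hash in the database,
    # the generic salt does not, so the stored pair alone is not enough to
    # recompute the digest.
    user_salt = new_user_salt()
    stored = hash_password("correct horse battery staple", user_salt)
    print("stored hash:", stored)
    print("login ok:", verify_password("correct horse battery staple",
                                       user_salt, stored))
    print("wrong generic salt:", verify_password(
        "correct horse battery staple", user_salt, stored,
        generic_salt="attacker-does-not-have-this"))
```

Running the script shows that a correct password verifies only when the generic salt from the sources is also present; a copy of the database alone (user salt plus hash) does not reproduce the digest.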