b3ta.com talk

storing original passwords is a big bad smelly thing to do.
md5 the password and store in DB. When comparing passwords you md5 the input, with salt if you like, to the md5 hash in db.

There is *no* reason whatsoever to store original passwords, and if anyone got access to your DB, you may well have just screwed over every user.

/securityblog
(, Fri 12 Jan 2007, 15:36, archived)
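The hash-and-compare flow from the post above, as an added example that is not part of the original post. It swaps in PBKDF2-HMAC-SHA256 with a per-user random salt for new records, and still accepts bare MD5 hex rows of the kind the post describes so they can be upgraded at login; the record format, function names and iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return the string to store in the DB instead of the password."""
    salt = salt or os.urandom(16)  # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Return (ok, needs_rehash) for a login attempt against a stored record."""
    parts = stored.split("$")
    if len(parts) == 4 and parts[0] == "pbkdf2_sha256":
        try:
            iters = int(parts[1])
            salt = bytes.fromhex(parts[2])
            expected = bytes.fromhex(parts[3])
        except ValueError:
            return False, False  # malformed record
        if iters < 1:
            return False, False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
        ok = hmac.compare_digest(dk, expected)  # constant-time comparison
        return ok, ok and iters < ITERATIONS
    if len(parts) == 1 and len(stored) == 32:
        # Legacy row: bare unsalted MD5 hex, the scheme described in the post.
        legacy = hashlib.md5(password.encode()).hexdigest()
        ok = hmac.compare_digest(legacy.encode(), stored.lower().encode())
        return ok, ok  # a correct login on a legacy row should be re-hashed
    return False, False  # unknown format


def login(password, stored):
    """Return (ok, record_to_store); the record is upgraded when needed."""
    ok, needs_rehash = verify_password(password, stored)
    if ok and needs_rehash:
        return True, hash_password(password)
    return ok, stored
```

The caller writes the returned record back to the user's row, so legacy rows are replaced the first time each user logs in successfully.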