I like the bcrypt class to encrypt the password using a salt.
What's not clear to me is why it stores the salt and adds it to the password. Say the salt is 123, the password here is stored as 123.password. So if the password already contains the salt, why store the salt separately, or why add the salt in front of the password? That part is not clear to me.

In your article you seem to go further by reversibly encrypting the salt with a key located out of the root folder before storing it and by arbitrarily redoing the hashing process a couple of thousand times.
But cfwusermanager seems to store the salt as is, or maybe I'm overlooking something, and seems to tack it onto the password so it's two times in the database.
On Saturday, 29 December 2012 22:31:29 UTC+1, Tom King wrote: