I tried dynamic salting; it works perfectly for just one user. The problem (for me) is when there is more than one user. But I also wanted to incorporate dynamic salting...
When the user logs in, as soon as the login details have been authenticated, you start changing your salt and the hashes for password / username. The difficulty starts when you have more users and just ONE dynamic salt, because when you generate a NEW salt, the existing usernames and passwords that were generated with the old salt don't log you in anymore, because the salt has changed. Only your newest password / username will work, and only until you add a new user (and so forth).
The reason this is easy with one user is that if you have only 1 salt in a table (I use MySQL), the salt has an id that is known (to you at least). If a new table is created, and you add the details, your first row's id will be either 1 or 0 (or the value you assigned it). So when you log in, the query that selects the salt looks like:
Code:
<?php $q = mysql_query("SELECT salt FROM salttable WHERE id = 'idValue' "); ?>

What I just thought about is that if you have multiple users and just one dynamic salt, on a login you could create new hashes for ALL usernames / passwords?
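An added example, not part of the original post: the lockout described above does not occur when each user row carries its own salt, and that salt can still be rotated at login for the one user whose plaintext password was just submitted. The table and column names, the PBKDF2 iteration count and the sample accounts are assumptions, and SQLite in memory stands in for MySQL.

```php
<?php
// Added example: one salt per user row, rotated at each successful login.
// Hypothetical schema; SQLite in memory stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, salt TEXT, hash TEXT)');

function derive(string $password, string $salt): string {
    // PBKDF2-HMAC-SHA256, hex output; the iteration count is an assumption.
    return hash_pbkdf2('sha256', $password, $salt, 210000);
}

function store(PDO $db, string $user, string $password): void {
    $salt = bin2hex(random_bytes(16)); // fresh salt for this row only
    $stmt = $db->prepare('REPLACE INTO users (username, salt, hash) VALUES (?, ?, ?)');
    $stmt->execute([$user, $salt, derive($password, $salt)]);
}

function saltOf(PDO $db, string $user): string {
    $stmt = $db->prepare('SELECT salt FROM users WHERE username = ?');
    $stmt->execute([$user]);
    return (string) $stmt->fetchColumn();
}

function login(PDO $db, string $user, string $password): bool {
    $stmt = $db->prepare('SELECT salt, hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !hash_equals($row['hash'], derive($password, $row['salt']))) {
        return false;
    }
    // Only this user's plaintext is available now, so only this row is re-salted.
    store($db, $user, $password);
    return true;
}

// Constructed sample accounts.
store($db, 'alice', 'alice-pass');
store($db, 'bob', 'bob-pass');
$aliceBefore = saltOf($db, 'alice');
$bobBefore = saltOf($db, 'bob');

var_dump(login($db, 'alice', 'alice-pass'));     // alice logs in, her salt rotates
var_dump(saltOf($db, 'alice') !== $aliceBefore); // her stored salt changed
var_dump(saltOf($db, 'bob') === $bobBefore);     // bob's row was not touched
var_dump(login($db, 'bob', 'bob-pass'));         // bob can still log in
var_dump(login($db, 'bob', 'alice-pass'));       // wrong password is rejected
```

PHP's built-in password_hash() and password_verify() generate and store a per-hash salt automatically, and password_needs_rehash() covers re-hashing at login.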