in reply to
Re: žIs this a secure way to handle login?
in thread Is this a secure way to handle login?
One non-obvious addition. Don't use /usr/dict/words verbatim. Apache and most other web servers will announce what they are and what os they're on. With that piece of info, someone could find the same version of /usr/dict/words that you have and only have to guess your initial random number and hash function (because you'd probably be using one of the standard ones) to replicate your hash. Use a randomized version of /usr/dict/words. That way you have two random elements in play.
perl -l -e "eval pack('h*','072796e6470272f2c5f2c5166756279636b672');"