Originally Posted by TFlan
It doesn't really matter if it's in a separate table within the same database; if a hacker has access to one table, s/he has access to all tables.
Doing what you are doing will stump the amateur hacker, but a pattern is a pattern, regardless of how you slice and dice it.
I won't say "this is worth it", but I also won't say this isn't worth it - passwords are inherently and forever insecure.
So how do the big boys do this? For instance, you never hear of Google or high-end banks getting hacked.
So how would they do this?
I know scrypt is meant to be the best, but just because it's the best now doesn't mean it will be in 12 months.
For instance, everyone thought SHA was the best, then hackers cracked it.