so if we store user passwords as a streight hash of the password in the user database, and said database is somehow compromised, an attacker could make use of rainbow tables to find the password. If we salt the password before storing, like:
SHA-1(uppercase(username)+password)
then that makes for a stronger hash, but then an attacker might know this and will adjust his attacks to include passwords prefixed with some other field (if it's that important to him)
i spose what we can do is store passwords like this:
un=uppercase(username)
split un into x parts, depending on length : u1,u2...ux
plit password into x parts: p1,p2....px
then we can store passwords like this:
SHA-1(u1,px,u2,px-1.....p1,ux)
or something slick like that, i dunno. the kool thing is that if the attacker evenfinds the reverse of the hash, and knows the username and tries to remove it from the string, the password is still mixed up!
