Nikola Smolenski wrote:
>Try: $password =
md5("{$user_id}-".md5($user_password));
How much safer this exactly is than simply
md5($user_password)?
It's much safer. The MD5 of the username serves as a salt, essentially
defeating the possibility of an adversary using rainbow tables
(precomputed hashes) to trivially recover the actual passwords.
-IK