Author: Pete Freitag
The result of Hash using SHA-512 will always be a 128-character hex string;
no matter what the input, it will always be that length.
You can simply append or prepend the salt to the value you are hashing, e.g.:
#Hash(password & salt, "SHA-512")#
You don't need to Encrypt your password if you are hashing it, and your
salt should be different for every user; something like a UUID or
GenerateSecretKey("AES") is what I use. You can store the salt in another
column in your user table. I typically generate a new salt every time the
user changes their password.
Pete Freitag - Adobe Community Professional
http://foundeo.com/ - ColdFusion Consulting & Products
http://petefreitag.com/ - My Blog
http://hackmycf.com - Is your ColdFusion Server Secure?
On Mon, May 14, 2012 at 8:58 AM, Brian Thornton
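
The scheme described in the post, written out as an added CFML example that is not part of the original message: a per-user salt stored beside the hash, a fresh salt on every password change, and verification by re-hashing with the stored salt. The function names and the `password_salt` / `password_hash` column names are assumptions, and the struct stands in for one row of the user table.

```cfml
<cfscript>
// Added example. "userRow" is a constructed stand-in for one row of a user
// table with password_salt and password_hash columns (hypothetical names).

// Build the values to store when a password is set or changed.
// A new salt is generated on every call, so a password change rotates the salt.
struct function newPasswordRecord(required string password) {
    var salt = GenerateSecretKey("AES"); // random, Base64-encoded; CreateUUID() also works
    return {
        password_salt = salt,
        password_hash = Hash(arguments.password & salt, "SHA-512")
    };
}

// Re-hash the submitted password with the stored salt and compare the
// result with the stored hash.
boolean function checkPassword(required string password, required struct userRow) {
    var candidate = Hash(arguments.password & arguments.userRow.password_salt, "SHA-512");
    return Compare(candidate, arguments.userRow.password_hash) == 0;
}

// Constructed sample data: two users who picked the same password.
alice = newPasswordRecord("correct horse battery staple");
bob   = newPasswordRecord("correct horse battery staple");

// The hash length is fixed regardless of the input.
writeOutput("Hash length: " & Len(alice.password_hash) & "<br>");

// Same password, different salts: the stored hashes differ.
writeOutput("Hashes differ: " & (Compare(alice.password_hash, bob.password_hash) != 0) & "<br>");

// Verification succeeds only with the right password and that user's salt.
writeOutput("Correct password: " & checkPassword("correct horse battery staple", alice) & "<br>");
writeOutput("Wrong password: " & checkPassword("Tr0ub4dor&3", alice) & "<br>");

// Password change: new salt and new hash replace the old pair.
oldSalt = alice.password_salt;
alice = newPasswordRecord("a new passphrase");
writeOutput("Salt rotated: " & (Compare(oldSalt, alice.password_salt) != 0) & "<br>");
</cfscript>
```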