



News Archive

Joshua Thijssen's Blog:
Password hashing and salting
February 03, 2011 @ 12:16:31

Joshua Thijssen has a new post to his blog looking at password hashing and salting - something that, really, should always be done to help protect your site's user information.

Even though it is true in effect that using a salt increases the overall security of your hashes BUT it's not only because your passwords are longer. There is another (maybe even more important) factor that comes into play, namely the fact they are more secure against rainbow table attacks, but that depends on HOW you season your hashes. Season it incorrectly, and you gain nothing in security even though you think you did...

He gets into some of the details about hashing your information, how easily such a hash can be broken, and how salting your information can help reduce that risk. He also points out that techniques like rainbow tables and brute force could still break these salted passwords. Instead of a single salt, he recommends a different one for each user, with a part stored in plain text along with the user record.

hashing salting password tutorial rainbowtable bruteforce


DevShed:
User Authentication and PHP Security
February 22, 2007 @ 10:51:00

DevShed is continuing their series on PHP security with this new tutorial focusing on the security surrounding user authentication.

So far we have covered security vulnerabilities that involve form data, databases and file systems. In this article we are going to look at authentication and the security issues around it. We will also look at some of the most common attacks in this field.

They start things off by describing two of the usual authentication methods - via a login form and through HTTP authentication. They start poking a few holes by looking at some of the common attacks for these approaches including two popular ones - brute force attacks and password sniffing.

user security authentication bruteforce password sniffing




All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework