passwords

I've been reading Stack Overflow questions for about 15 minutes now and every single one seems to contradict the previous one I read. Bcrypt, SHA1, MD5, and so on. I currently MD5 my passwords, but I want to make my database more secure in case of a breach. I know this has been asked a million times, but I can't seem to find a decent answer anywhere else. Thanks. The reason you see contradictory answers is because there is no right one. You should use the most secure method that your application can support. More secure = more overhead. MD5 has been broken and cracked. According to this

I need to create a some SAML 2.0 assertions, and I'm having trouble finding what the XML should really look like. Most of the documentation seems to be about using particular tools, not about the messages. I've got the schemas, with a plethora of possibilities, but I can't find an example of what the relevant messages actually look like in practice. The business rule says: in order to create a shared identity, the user tells system A their username and password on system B. System A needs to communicate this info (along with some demographics) to system B. System B validates the information

We have a current application where user login credentials are stored in a SQL Server DB. These are, basically, stored as a plain text username, a password hash, and an associated salt for this hash. These were all created by built in functions in ASP.NET's membership/role system. Here's a row for a user named 'joe' and a password of 'password': joe,kDP0Py2QwEdJYtUX9cJABg==,OJF6H4KdxFLgLu+oTDNFodCEfMA= I've dumped this stuff into a CSV file and I'm attempting to get it into a usable format for Django which stores its passwords in this format: [algo]$[salt]$[hash] Where the salt is a plain

I've been reading up on the benefits of salting and hashing passwords, but one thing still eludes me... When I provide a random salt for each user, how do I then know what the salt was when I try to authenticate them to login? so if I do.. HASHPW = PW.RANDOMNUMBER I could store the random number in the database, but that seems to kill the entire point of adding the salt.. doesn't it? I could also use a non random number for each salt, but then that also kills the point of the salt because if they figure it out they have all my users passwords... I just started learning PHP and MySQL and