> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > Salt is currently defined as char[2]. Should I encode the rand() as
> > char[4] and send that, or skip null and still encode it as char[4].
>
> There's no need to avoid nulls here, AFAICS. Making the salt a
> fixed-length binary string seems like the best bet.
We have to avoid NULL because we paste together the password and
username with the salt to MD5 encrypt.
Also, I now need two salts, one base62 for crypt and a new one for MD5.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026