Re: SMF modification needed -- upgrade password hash security -- 40 BTC
It's considered best practice to use CSPRNGs for any cryptography, including salts. Predictable salts may offer protection against rainbow tables.. Maybe it protects against "theoretical attacks"?
Take a look at this page:
http://books.google.com/books?id=QJNoykS0Tv4C&lpg=PT199&ots=JN9mj5AsnT&dq=salt+csprng&pg=PT199&redir_esc=y#v=onepage&q&f=false
It turns out that urandom is also cryptographically secure.
The php function, mt_rand(), for example, is not.
Take a look at this page:
http://books.google.com/books?id=QJNoykS0Tv4C&lpg=PT199&ots=JN9mj5AsnT&dq=salt+csprng&pg=PT199&redir_esc=y#v=onepage&q&f=false
It turns out that urandom is also cryptographically secure.
The php function, mt_rand(), for example, is not.