Gert, Vladimir,
When i try to improve stuff, and all i get is strange comments and sarcasm, the fun will quickly dissapear.... But your apologies are accepted.
@Gert
There is actually no need to have a public salt key... however it does make it safer i guess (if a random and a fixed salt is used).
The salting is just to make databases decrypt attacks like lookup tables, reverse lookuptables and rainbow tables on the passwords worthless.
The password itself is now SHA256, so bruteforcing all users will take a long time... even if they have the salt...
Read this nice article: http://crackstation.net/hashing-security.htm
@Trustmaster
The salting is a second line of defense against identity theft (because users are often using the same passwords).
Any system has security flaws... and can come from everywhere (server access, ftp, bad hosting security, flaws in e.g. MySql or PHP, sql injections..... and so on...)
See the download link for the code... Cotonti can use it freely.
