Scott Courtney wrote:
What I propose, with regard to password hashing, is something like this:
Let string1 = login . "\n" . password . "\n" . iso_timestamp_string
(example: "myaccount\nV3rY53cr37\n20020712094952")
Let hash = md5sum(string1)
Store login . "\n" . iso_timestamp_string . "\n" . hash in the equivalent of the shadow file.
(example: "myaccount\n20020712094952\na66c43e395f555447aad298a538f5e38")

You'd be better off using a random function to generate the salt, rather than using a timestamp. Assuming your computer's clock is set somewhere close to true time (or that the delta can be learned), if I know when you changed your password I could use this information to accelerate my attack by making informed guesses about the salt value. Of course, if your random function is seeded with the timestamp then the two are equivalent. Depending on your platform, if you use the Unix /dev/random or the Java SecureRandom class, you should be in great shape.
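
The salt advice above as an added example (not code from either poster): it keeps the quoted proposal's record layout and MD5 construction so that only the salt source changes, draws the salt from the OS CSPRNG through Python's `secrets` module, and includes an audit helper that flags timestamp-shaped salts in existing records. The 16-byte salt length and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime

SALT_BYTES = 16  # assumed salt length; the post does not specify one


def make_record(login, password, salt=None):
    """Build 'login\\nsalt\\nhash' in the layout of the quoted proposal."""
    if salt is None:
        # OS CSPRNG (backed by /dev/urandom on Unix), not a clock value.
        salt = secrets.token_hex(SALT_BYTES)
    digest = hashlib.md5(f"{login}\n{password}\n{salt}".encode()).hexdigest()
    return f"{login}\n{salt}\n{digest}"


def verify(record, password):
    """Recompute the hash from the stored salt and compare in constant time."""
    login, salt, stored = record.split("\n")
    expected = make_record(login, password, salt).split("\n")[2]
    return hmac.compare_digest(stored, expected)


def timestamp_salt_candidates(window_seconds):
    """Distinct second-resolution timestamp salts within +/- window_seconds
    of a known password-change time: the whole space of possible salts."""
    return 2 * window_seconds + 1


def salt_is_plausible_timestamp(salt, now=None):
    """Audit check: True if a stored salt parses as a past YYYYMMDDHHMMSS time."""
    try:
        ts = datetime.strptime(salt, "%Y%m%d%H%M%S")
    except ValueError:
        return False
    return ts <= (now or datetime.now())


if __name__ == "__main__":
    rec = make_record("myaccount", "V3rY53cr37")  # constructed sample input
    print(rec.split("\n")[1], verify(rec, "V3rY53cr37"))
    # Salt space when the change time is known to within a day, vs. random.
    print(timestamp_salt_candidates(86400), "vs", 2 ** (8 * SALT_BYTES))
```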