On Sat, Dec 06, 2003 at 15:48:44 -0500,
btober@seaworthysys.com wrote:
> database to not be in plain text, so yea, I was thinking about simply
> xoring them with the respective user's single, non-stored password, or
> more likely xoring against an md5 hash of that single, master password.
It isn't a good idea to xor multiple plain text strings against the same
key string. If it is worth going to the trouble to encrypt the strings
in the first place, it will almost certainly be worth using some more
standard encryption as the cost will be a small amount of cpu time.