Let this sort of be a part two to another post I started last year: http://www.sitepoint.com/forums/show...-talk-security

There was a portion of the thread where people believed that brute forcing rather than using a rainbow table just wasn't logical. With my recent experience in multi threaded application writing / research, and my beginning research into cluster computing, I can see this being untrue, and more recently this popped up in my news feeds: http://www.dailymail.co.uk/sciencete...ords-hour.html

So there was some talk about running MD5 more than once on the string (only helps if source code has not been revealed to hacker). Ensuring that you have a unique salt per row (this I can tell you will help but wont slow anyone down who knows what they are doing)... But it seems to me that the only way to stay ahead of cluster computing is security by obscurity, and masking the way the you prepare your hash.

Let the discussion begin... again... What are your thoughts and suggestions?