I've seen various methods on how to properly salt a password. The basic premise is that you attach a random string to each password before it is hashed and stored. Can I store the salt in the same table as the password? Also, does it matter if the salt is stored as plain text, as long as each entry has a different salt?
Yes. The idea behind a salt is not that the salt be secret, but that it causes the same password for different users to be hashed differently. This raises the size of needed rainbow tables for cracking, or forces a dictionary (or other) attack to be run against every password separately.
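As an added example (not part of the answer above), here is what this looks like in code: a per-user random salt generated at registration, stored in plain text beside the hash in the same table, and reused at login to re-derive and compare the hash. The in-memory `USERS` dict stands in for the database table, PBKDF2-HMAC-SHA256 from the standard library stands in for whichever password hash you actually use, and the iteration count is an illustrative assumption, not a recommendation.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the users table: username -> (salt_hex, hash_hex).
# The salt column is plain text on purpose: it only has to be unique per user,
# not secret, so the same password never maps to the same stored hash twice.
USERS = {}

# Work factor for PBKDF2-HMAC-SHA256. Assumed value for this example; tune it
# to your hardware and current guidance rather than copying this number.
ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte hash from password + salt with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str, table: dict = USERS) -> tuple:
    """Generate a fresh 16-byte random salt, hash the password, store both."""
    salt = os.urandom(16)  # CSPRNG; never derive the salt from the password
    digest = hash_password(password, salt)
    table[username] = (salt.hex(), digest.hex())
    return table[username]


def verify(username: str, password: str, table: dict = USERS) -> bool:
    """Look up the stored salt, re-derive the hash, compare in constant time."""
    row = table.get(username)
    if row is None:
        return False
    salt_hex, stored_hex = row
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    # compare_digest avoids leaking which byte differed through timing.
    return hmac.compare_digest(candidate, bytes.fromhex(stored_hex))


def same_password_different_hashes(password: str) -> bool:
    """Demonstrate the point of the salt: two users sharing a password
    still get different salts and therefore different stored hashes."""
    table = {}
    register("alice", password, table)
    register("bob", password, table)
    alice_salt, alice_hash = table["alice"]
    bob_salt, bob_hash = table["bob"]
    return alice_salt != bob_salt and alice_hash != bob_hash


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print("login ok:", verify("alice", "correct horse battery staple"))
    print("wrong password rejected:", not verify("alice", "Tr0ub4dor&3"))
    print("shared password, distinct hashes:", same_password_different_hashes("hunter2"))
```

Note that nothing in `verify` needs the salt to be hidden: an attacker who dumps the table gets the salt, but still has to run the key derivation separately for every row, which is exactly the property the answer describes.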
The point of salting is that no two users with the same password end up with the same hash; just putting their username in front of the password and then hashing it would be enough.