 

Generating salts from other user fields

Right now I have a "salt" column and a "password" column in the database (the user table), both varchar(64) and take sha-256 hashes as values.

Do you think it's a good idea to eliminate the salt column and use the user's e-mail address to generate a salt during password validation? This would save some space in the database.

JohnSmith asked Jun 06 '26 17:06


1 Answer

I don't think it's a problem to store a random salt, instead of deriving it from other columns of the user.

However, if you decide to use one or more other columns for the salt, you need to be 100% sure that the value chosen never changes. In your example, if the user changes email address, you have lost any way to validate his password.

driis answered Jun 08 '26 07:06
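The failure mode described in the answer, as an added example that is not part of the original post: a salt recomputed from the e-mail stops matching once the address changes, while a stored random salt keeps verifying. The record layout, function names and PBKDF2 parameters are assumptions for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for this example only


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for whatever hash the application uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Scheme A (the question's idea): no salt column, salt recomputed from the e-mail.
def register_email_salt(email: str, password: str) -> dict:
    salt = hashlib.sha256(email.encode()).digest()
    return {"email": email, "password": _derive(password, salt)}


def verify_email_salt(user: dict, password: str) -> bool:
    salt = hashlib.sha256(user["email"].encode()).digest()
    return hmac.compare_digest(user["password"], _derive(password, salt))


# Scheme B: random per-user salt stored in its own column.
def register_random_salt(email: str, password: str) -> dict:
    salt = os.urandom(32)
    return {"email": email, "salt": salt, "password": _derive(password, salt)}


def verify_random_salt(user: dict, password: str) -> bool:
    return hmac.compare_digest(user["password"], _derive(password, user["salt"]))


def change_email(user: dict, new_email: str) -> dict:
    # Profile update that has no access to the plaintext password,
    # so the stored hash cannot be recomputed here.
    updated = dict(user)
    updated["email"] = new_email
    return updated


def demo() -> tuple:
    # Constructed sample account data.
    email, new_email, password = "old@example.com", "new@example.com", "s3cret-pw"
    a = change_email(register_email_salt(email, password), new_email)
    b = change_email(register_random_salt(email, password), new_email)
    return verify_email_salt(a, password), verify_random_salt(b, password)


if __name__ == "__main__":
    print(demo())
```

Keeping scheme A working would require asking for the current password on every e-mail change so the hash can be recomputed under the new salt.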


