Possible Duplicate:
What is the optimal length for user password salt?
I tried to find the answer to this question on Stack Overflow without any success.
Let's say I store passwords using a SHA-1 hash (so it's 160 bits) and let's assume that SHA-1 is enough for my application. How long should the salt used to generate the password's hash be?
The only answer I found was that there's no point in making it longer than the hash itself (160 bits in this case), which sounds logical, but should I make it that long? E.g. Ubuntu uses an 8-byte salt with SHA-512 (I guess), so would 8 bytes be enough for SHA-1 too, or maybe it would be too much?
Current standards suggest a 16 char-length salt: http://en.wikipedia.org/wiki/Crypt_%28Unix%29#SHA-based_scheme
Also this question has been asked before :)
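To compare the salt lengths mentioned in this thread, the following added example (not part of the original posts) generates a salt and estimates how likely it is that two users end up with the same salt, which is the main thing salt length controls. It assumes salts are drawn uniformly at random from the 64-symbol crypt(3) alphabet; the function names are illustrative.

```python
import math
import secrets

# Assumption: crypt(3)-style salt alphabet, 64 symbols = 6 bits per character.
CRYPT_ALPHABET = (
    "./0123456789"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
)


def new_salt(length=16):
    """Return a random salt of `length` characters from a CSPRNG."""
    return "".join(secrets.choice(CRYPT_ALPHABET) for _ in range(length))


def salt_bits(length, alphabet_size=len(CRYPT_ALPHABET)):
    """Entropy in bits of a uniformly random salt of `length` symbols."""
    return length * math.log2(alphabet_size)


def reuse_probability(num_users, bits):
    """Birthday bound: chance that at least two of `num_users` salts collide.

    Uses 1 - exp(-n(n-1) / 2^(bits+1)); expm1 keeps precision when the
    probability is far below floating-point epsilon.
    """
    exponent = -num_users * (num_users - 1) / 2.0 / (2.0 ** bits)
    return -math.expm1(exponent)


if __name__ == "__main__":
    users = 10 ** 6  # constructed population size for the comparison
    print("example salt:", new_salt())
    # 8 and 16 crypt characters, then raw 64/128/160-bit salts for reference.
    for label, bits in [
        ("8 chars", salt_bits(8)),
        ("16 chars", salt_bits(16)),
        ("64 bits", 64),
        ("128 bits", 128),
        ("160 bits", 160),
    ]:
        p = reuse_probability(users, bits)
        print(f"{label:>9} ({bits:5.0f} bits): P(salt reuse) = {p:.3e}")
```
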