
Should the Salt for a password Hash be "hashed" also?

This I think may be a silly question, but I have become quite confused on what I should do here for the best.

When salting a password hash, should the salt also be hashed or left as plaintext?

NOTE: I am hashing a password in SHA-256 and the Salt is a predefined string as only one password will ever be stored at a time.

TIA

Chris (Shamballa).

Shambhala asked Oct 22 '10 19:10


1 Answer

It doesn't matter.

The purpose of a salt is to prevent pre-computation attacks.

Either way, hashing the salt or using it by itself results in the same data being added as a salt each time. If you hash the salt, all you are effectively doing is changing the salt. By hashing it first, you convert it into a different string, which is then used as the salt. There is no reason to do this, but it will not do anything wrong if you do.

You just need to be consistent and use the same method every time or you will end up with a different password hash.

Alan Geleynse answered Oct 05 '22 07:10
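
The points made in the answer above, as an added example that is not part of the original question or answer: a raw salt and a hashed salt both keep the stored value out of a table of unsalted SHA-256 digests, and verification only succeeds when the same method is used both times. The salt, password and word list are constructed sample values, and prepending the salt to the password is an assumption, since the post does not say how the two are combined.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the original post).
SALT = b"example-predefined-salt"
PASSWORD = b"correct horse"
COMMON_PASSWORDS = [b"123456", b"password", b"correct horse"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_raw_salt(password: bytes, salt: bytes = SALT) -> str:
    """Salt used as-is: SHA-256(salt || password)."""
    return sha256_hex(salt + password)


def hash_hashed_salt(password: bytes, salt: bytes = SALT) -> str:
    """Salt hashed first: SHA-256(SHA-256(salt) || password)."""
    return sha256_hex(hashlib.sha256(salt).digest() + password)


def verify(candidate: bytes, stored: str, scheme) -> bool:
    """Recompute with the given scheme and compare in constant time."""
    return hmac.compare_digest(scheme(candidate), stored)


def in_precomputed_table(stored: str) -> bool:
    """True if `stored` appears in a table of unsalted SHA-256 digests."""
    table = {sha256_hex(p) for p in COMMON_PASSWORDS}
    return stored in table


if __name__ == "__main__":
    raw = hash_raw_salt(PASSWORD)
    hashed = hash_hashed_salt(PASSWORD)
    # Unsalted digest is found by a plain lookup; both salted forms are not.
    print("unsalted in table:    ", in_precomputed_table(sha256_hex(PASSWORD)))
    print("raw salt in table:    ", in_precomputed_table(raw))
    print("hashed salt in table: ", in_precomputed_table(hashed))
    # Consistency: the stored hash only verifies with the scheme that made it.
    print("same scheme verifies: ", verify(PASSWORD, raw, hash_raw_salt))
    print("mixed scheme verifies:", verify(PASSWORD, raw, hash_hashed_salt))
```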