Should the “Salt” password for the hash also be “hashed”?

Question

This, I think, may be a stupid question, but I am very confused about what I have to do here for the best.

When stuffing a password hash, if the salt should also be hashed or left in clear text?

NOTE. I use a password in SHA-256, and Salt is a predefined string, since only one password will be stored at a time.

TIA

Chris (Shamballa).

+5

Shambhala Oct 22 '10 at 19:50

5 answers

, - . , . , .

, . , . , .

, ( ), . - . , , . .

, , -, .

, -, , .

+7

Marcus Adams 22 . '10 21:12

, , .

+1

Bob 22 . '10 19:54

, . , , .

, :

SaltedHashedPwd = H (H (H (H (..... H (PWD-k + SALT-k) + SALT-k) + SALT-k).....) + SALT-k + N

H - - SALT-k - k- , PWD-k - k- ( ) N - , H

PKCS # 5 N = 1000!

manne , SALT Hash. !

, N = 100 : -)

0

robob 22 . '10 21:22

(, , ), , . , ( , ). , , , , , ( -), ( ) , . , , , .

(If someone sees an error in this logic, please comment.)

0

steinar Oct 22 '10 at 21:36

Alan Geleynse · Accepted Answer · 2010-10-22T19:55:00+0000

It does not matter.

The purpose of salt is to prevent attacks before calculating.

, , . , , , . , , . , , .

, .