How to store salt for salt

Question

How to store salt for salt

I have seen various methods for properly salting a password. The basic premise is that you attach a random string to each password before hashing and saving it. Is it possible to store salt in the same table as the password? Also, does it matter if the salt is stored as plain text, if each record has a different salt?

+6

mysql passwords md5 sha1

Eric Di Bari Nov 12 '10 at 17:56

source share

2 answers

The salting point is that no one has the same hash, because users have the same password, just putting their username in front of the password, then hashing it will be enough.

+2

James t Nov 12 '10 at 17:58

source share

Donnie · Accepted Answer · 2010-11-12T17:58:47+0000

Yes. The idea of salt is not that the salt be secret, but that it forces the same password to be hashed differently for different users. This increases the size of the necessary rainbow tables for hacking or forces each dictionary to launch a dictionary (or other) attack separately.

How to store salt for salt

More articles: