What exactly does password hashing and salting protect against? |
[eluser]jimps[/eluser]
[quote author="wowdezign" date="1262824970"]It's true that if a person uses a weak password, then their account is vulnerable. Hashing and salting passwords helps against "rainbow tables". I hope the reference is alright: http://en.wikipedia.org/wiki/Rainbow_table Some developers like to use a site salt. I use a different salt for each user in the db. Hope that helps.[/quote] It's smart to use static salt AND dynamic salt (different for every user). It's also a good thing to don't collect the dynamic user salt in a extra column named "Salt" or something like that. A better way is to use already stored data and merge it with other data. |
Welcome Guest, Not a member yet? Register Sign In |