|
Is there a significance to the word "salt" for a password salt?
Started by Kyle Heironimus on
, 9 posts
by 9 people.
Answer Snippets (Read the full thread at stackoverflow):
Password :)
http://www.derkeiler.com/Newsgroups/comp.security.misc....
So, it looks like as if you add some "salt" to the original "food" ...
To adding salt to your meal :-)
Because before you hash the password, you add a random text to it.
|
|
Hi guys I have read about password salting, but this might sound a little odd. But how do I store and secure the salt. For example in a multi tire architecture say I use the client machine’s GUID to generate my salt then the user gets restricted to a ...
Answer Snippets (Read the full thread at stackoverflow):
Random completely public, they would still defeat....
It's purpose is to be different for each hash (i.e .
The purpose of the salt is not to be secret.
Storing the salt unencrypted in the database next to the hashed passwords is not a problem.
|
|
In a previous topic, the question was asked about using table salt vs. sea salt . I always thought salt was salt period…but this got me thinking about salts with these questions coming to mind.
What is the difference between table salt, sea salt and kosher...
Started by Big Dale on
, 8 posts
by 6 people.
Answer Snippets (Read the full thread at fncinc):
It's pricey, but....
Make sure if you get sea salt you don't get finely ground, you are buying it in part for the large crystals.
I use kosher most of the time, and sometimes use sea salt the science.
Table salt and never buy it again.
|
Ask your Facebook Friends
|
What are the advantages / disadvantages of those 3 methods to create a salt?
$salt = md5($password); $salt = sha1(md5($password)); $salt = generate_random_number();
Computing hash:
$hash = sha1($salt + $password);
Started by helloworlder on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
It's a common salt like....
If the salt is too short, it has the same effect as just having a longer password.
The salt is too short.
Then a common rainbow table can be used.
Above is not true if
The database doesn't use salts.
|
|
If the password salt for keys are viewable does it not improve security compared to without salt?
Would it be better just to not use the salt and improve some performance?
Started by Atomble on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
If someone has your hashes, they likely....
Even a publicly viewable salt increases the security a bit, because your attackers cannot use the salt hidden increases security, because then the attacker does not know exactly what function passwords.
|
|
This is a question about salting phrases that need to be hashed.
I was wondering if it more secure to prefix the salt to a phrase or postfix it? salt + phrase or phrase + salt
My question comes from this comment on this post on MD5s . I am not sure I ...
Started by Rajah on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
This means that if you can avoid storing....
The more private the better.
The following factors will affect security though
Is your salt private (if so how private is it?).
Whether the salt is appended to the front or the back makes no difference.
|
|
How can i know value of string which is used as salt for joomla salt enhanced password encryption??
Started by Jasim on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
Or it may be stored in a seperate column in the db table
Joomla generates a random salt for each passwords:
http://forum.joomla.org/viewtopic....
Not familiar with joomla in particular, but most salted passwords either contain the salt).
|
|
I'm struggling to get a handle on my salt intake. It's kind of very important, so I gotta do it. I confess I was a salt lover so it's going to be a challenge.
I'm not going to lie, I find it somewhat confusing, just when I think I'm moving in the right...
Started by elbows on
, 18 posts
by 14 people.
Answer Snippets (Read the full thread at straightdope):
Get some Mrs Dash or similar salt-free seasoning blend (NOT a potassium chloride salt substitute....
I can't help with salt, I'm an unrepentant addict but if you're really missing your beloved would save you from reading a few million labels.
|
|
Ok, I’m trying to understand the reason to use salt.
When a user registers I generate a unique salt for him/her that I store in DB. Then I hash it and the password with SHA1. And when he/she is logging in I re-hash it with sha1($salt.$password) .
But ...
Started by Krzysztof on
, 6 posts
by 6 people.
Answer Snippets (Read the full thread at stackoverflow):
With a different salt for each user, they can....
Adding a salt massively increases the size.
If you don't use a salt then an attacker can precompute a password<->hash database offline even before they've broken into your server.
|
|
Any salt at all will obviously help when salting and hashing a user's password. Are there any best practices for how long the salt should be? I'll be storing the salt in my user table, so I would like the best tradeoff between storage size and security...
Started by David on
, 6 posts
by 6 people.
Answer Snippets (Read the full thread at stackoverflow):
Currently accepted standards for hashing passwords create a new 16 character long salt for every passwort and store the salt....
BUT, the problem with embedding the salt in the code, is that you're for both.
It if you steal the database.
|
