|
Is there a significance to the word "salt" for a password salt?
Started by Kyle Heironimus on
, 9 posts
by 9 people.
Answer Snippets (Read the full thread at stackoverflow):
Password :)
http://www.derkeiler.com/Newsgroups/comp.security.misc....
So, it looks like as if you add some "salt" to the original "food" ...
To adding salt to your meal :-)
Because before you hash the password, you add a random text to it.
|
|
Hi guys I have read about password salting, but this might sound a little odd. But how do I store and secure the salt. For example in a multi tire architecture say I use the client machine’s GUID to generate my salt then the user gets restricted to a ...
Answer Snippets (Read the full thread at stackoverflow):
Random completely public, they would still defeat....
It's purpose is to be different for each hash (i.e .
The purpose of the salt is not to be secret.
Storing the salt unencrypted in the database next to the hashed passwords is not a problem.
|
|
What are the advantages / disadvantages of those 3 methods to create a salt?
$salt = md5($password); $salt = sha1(md5($password)); $salt = generate_random_number();
Computing hash:
$hash = sha1($salt + $password);
Started by helloworlder on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
It's a common salt like....
If the salt is too short, it has the same effect as just having a longer password.
The salt is too short.
Then a common rainbow table can be used.
Above is not true if
The database doesn't use salts.
|
Ask your Facebook Friends
|
If the password salt for keys are viewable does it not improve security compared to without salt?
Would it be better just to not use the salt and improve some performance?
Started by Atomble on
, 4 posts
by 4 people.
Answer Snippets (Read the full thread at stackoverflow):
If someone has your hashes, they likely....
Even a publicly viewable salt increases the security a bit, because your attackers cannot use the salt hidden increases security, because then the attacker does not know exactly what function passwords.
|
|
This is a question about salting phrases that need to be hashed.
I was wondering if it more secure to prefix the salt to a phrase or postfix it? salt + phrase or phrase + salt
My question comes from this comment on this post on MD5s . I am not sure I ...
Started by Rajah on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
This means that if you can avoid storing....
The more private the better.
The following factors will affect security though
Is your salt private (if so how private is it?).
Whether the salt is appended to the front or the back makes no difference.
|
|
How can i know value of string which is used as salt for joomla salt enhanced password encryption??
Started by Jasim on
, 5 posts
by 5 people.
Answer Snippets (Read the full thread at stackoverflow):
Or it may be stored in a seperate column in the db table
Joomla generates a random salt for each passwords:
http://forum.joomla.org/viewtopic....
Not familiar with joomla in particular, but most salted passwords either contain the salt).
|
|
Hi. we are 4 adults and one toddler who need to return to Provo from Salt cay on a THURSDAY,(dec. 29th,11) for a 1pm departure. I believe Caicos Express does not do this route on Thurs. Does anyone know if it is possible/easy to get a water-taxi etc. ...
Started by domontherock on
, 11 posts
by 6 people.
Answer Snippets (Read the full thread at tripadvisor):
Hello, I live on Salt Cay and own....
You can also contact Debbie at Salt Cay Divers , and see what she suggests.
I would ask the place you are staying at on Salt Cay the schedule.
With the boat ride from Salt Cay to Grand Turk.
|
|
I'm going out tomorrow and have a new spot for a trail cam. Is it worth salting up the area with all the rain in the forecast? Does it last? or is a dry spell better to preserve the sent/mineral content?
Thanks!
P.S.-Most classy chat on the web!
Well ...
Started by luvshaker on
, 14 posts
by 10 people.
Answer Snippets (Read the full thread at ifish):
I have a spot Ive been puting ....
I would start with loose salt first, the when things pick up, or dry out go to the blocks.
Just dump the salt onto a stump, and when it rains, the salt soaks into the stump.
It is worth it right now.
|
|
Ok, I’m trying to understand the reason to use salt.
When a user registers I generate a unique salt for him/her that I store in DB. Then I hash it and the password with SHA1. And when he/she is logging in I re-hash it with sha1($salt.$password) .
But ...
Started by Krzysztof on
, 6 posts
by 6 people.
Answer Snippets (Read the full thread at stackoverflow):
With a different salt for each user, they can....
Adding a salt massively increases the size.
If you don't use a salt then an attacker can precompute a password<->hash database offline even before they've broken into your server.
|
|
Any salt at all will obviously help when salting and hashing a user's password. Are there any best practices for how long the salt should be? I'll be storing the salt in my user table, so I would like the best tradeoff between storage size and security...
Started by David on
, 6 posts
by 6 people.
Answer Snippets (Read the full thread at stackoverflow):
Currently accepted standards for hashing passwords create a new 16 character long salt for every passwort and store the salt....
BUT, the problem with embedding the salt in the code, is that you're for both.
It if you steal the database.
|
