D
D
DarkByte20152016-10-21 10:16:00
Data protection
DarkByte2015, 2016-10-21 10:16:00

How to implement hash salting?

I don't understand the hash salt thing. If the salt is dynamic, then let's say salted the hash, added it to the database. Then, for example, the user wants to log in: he enters the password and you need to take the hash with the salt again, but the salt is random and this time it will be different, therefore, the hash will come out different, which means it will not match the hash from the database ... And if the salt is static, then it can steal and hack everything. Well, or where to store it then so as not to be stolen?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
A
Andrew, 2016-10-21
@OLS

As a first approximation, they are salted so that it is impossible to pre-calculate a large set of hash values ​​for the list of the most popular passwords, and then massively check it against the database. Therefore, the salt can be stored next to the hash value, it is important that it be different for each hash.

U
Urvin, 2016-10-21
@Urvin

Store the salt next to the hash: an article .

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question