As I understand it, the best practice for generating salts is to use some

Question

0

Asked: May 12, 20262026-05-12T18:57:38+00:00 2026-05-12T18:57:38+00:00

As I understand it, the best practice for generating salts is to use some

0

As I understand it, the best practice for generating salts is to use some cryptic formula (or even magic constant) stored in your source code.

I’m working on a project that we plan on releasing as open source, but the problem is that with the source comes the secret formula for generating salts, and therefore the ability to run rainbow table attacks on our site.

I figure that lots of people have contemplated this problem before me, and I’m wondering what the best practice is. It seems to me that there is no point having a salt at all if the code is open source, because salts can be easily reverse-engineered.

Thoughts?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-12T18:57:38+00:00

Editorial Team

2026-05-12T18:57:38+00:00Added an answer on May 12, 2026 at 6:57 pm

Really salts just need to be unique for each entry. Even if the attacker can calculate what the salt is, it makes the rainbow table extremely difficult to create. This is because the salt is added to the password before it is hashed, so it effectively adds to the total number of entries the rainbow table must contain to have a list of all possible values for a password field.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

As I understand it, the best practice for generating salts is to use some

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply