I’d like to build an authentication system, where each user has her own salt – each password gets hashed with the salt of the user it belongs to.
How should I design the database schema?
Here’s a design I came up with, but I’m not sure about it, as hash depends on salt and this violates third normal form:
users(id, salt, hash, ...)
While I’m not a stickler for conformance to normalisation rules I understand where you’re coming from.
To remove the offending column and yet retain its function you could consider simply concatenating the salt and the hash inside one field; you don’t need a delimiter if one or both values keep the same length.
Alternatively, you can use Bcrypt as your password hash: the hashing takes a random salt together with the password and a cost factor; it produces a long string that you can store in the password field. Check out ircmaxell’s blog for his work on this subject.
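An added example (not code from the answer above, nor from ircmaxell’s blog) showing the single-field layout the answer suggests: a fixed-length per-user salt concatenated with the hash, so the stored value needs no delimiter and the schema keeps only `users(id, password)`. It uses PBKDF2-HMAC-SHA256 from Python’s standard library in place of Bcrypt so that it runs without third-party packages; the salt length, hash length, iteration count and the in-memory `users` table are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed parameters for this example (not from the original answer).
SALT_LEN = 16          # fixed length, so salt || hash needs no delimiter
HASH_LEN = 32          # PBKDF2-HMAC-SHA256 output length in bytes
ITERATIONS = 600_000   # cost factor; raise it as hardware gets faster


def derive(password: str, salt: bytes) -> bytes:
    """Hash the password with this user's salt (stand-in for Bcrypt)."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=HASH_LEN
    )


def make_password_field(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return the single value to store in the password column: salt || hash."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt per user
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be exactly SALT_LEN bytes")
    return salt + derive(password, salt)


def split_password_field(field: bytes) -> Tuple[bytes, bytes]:
    """Recover (salt, hash) from the stored field; no delimiter is needed."""
    if len(field) != SALT_LEN + HASH_LEN:
        raise ValueError("malformed password field")
    return field[:SALT_LEN], field[SALT_LEN:]


def verify_password(password: str, field: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt, stored_hash = split_password_field(field)
    return hmac.compare_digest(derive(password, salt), stored_hash)


# Hypothetical in-memory stand-in for users(id, password, ...).
users: Dict[str, Dict[str, object]] = {}


def register(username: str, password: str) -> None:
    users[username] = {"id": len(users) + 1,
                       "password": make_password_field(password)}


def login(username: str, password: str) -> bool:
    record = users.get(username)
    if record is None:
        return False
    return verify_password(password, record["password"])  # type: ignore[arg-type]


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print("stored field length:", len(users["alice"]["password"]))  # 48 bytes
    print("right password:", login("alice", "correct horse battery staple"))
    print("wrong password:", login("alice", "Tr0ub4dor&3"))
```

Store the 48-byte field in a fixed-width binary column (for example `BINARY(48)`); because the salt length is fixed, the split on read is just a slice, which is the property the answer relies on to drop the separate `salt` column. Bcrypt does the same thing internally, packing version, cost, salt and hash into one `$2b$...` string.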