Okay, I know this is probably dead simple, but I can’t seem to find a straight answer anywhere. Let’s say I have the following:
Password: "mypassword"
Salt: 1234567
Is the idea of salting to do something like hash(password + salt) or hash(password) + salt? My guess is that only the former makes any sense at all, but I just want to make sure I’m not missing something.
Please forgive my ignorance.
You’ve got it, it’s the former.
If you just concatenate the salt and the hash, then an attacker can simply remove the “salt” and use a rainbow table. By hashing the plaintext + salt, the salt cannot be factored out.
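The difference between the two constructions discussed above, as an added example that is not part of the original thread. The password list, the lookup table and all function names are constructed for illustration, and SHA-256 stands in for the unspecified `hash`.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny stand-in for a precomputed (rainbow-style)
# table mapping unsalted SHA-256 digests back to common passwords.
COMMON_PASSWORDS = ["123456", "letmein", "mypassword", "qwerty"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def salted_hash(password: str, salt: bytes) -> str:
    """hash(password + salt): the salt is an input to the hash."""
    return hashlib.sha256(password.encode() + salt).hexdigest()


def hash_then_append(password: str, salt: bytes) -> str:
    """hash(password) + salt: the salt is only glued onto the stored value."""
    return hashlib.sha256(password.encode()).hexdigest() + salt.hex()


def table_lookup(stored: str):
    """Look up the first 64 hex chars (one SHA-256 digest) in the table."""
    return PRECOMPUTED.get(stored[:64])


def verify(password: str, salt: bytes, stored: str) -> bool:
    """Recompute hash(password + salt) and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt), stored)


def demo() -> dict:
    salt_a, salt_b = os.urandom(16), os.urandom(16)  # one random salt per user
    weak = hash_then_append("mypassword", salt_a)
    strong_a = salted_hash("mypassword", salt_a)
    strong_b = salted_hash("mypassword", salt_b)
    return {
        "weak_lookup": table_lookup(weak),        # salt stripped off: table hit
        "strong_lookup": table_lookup(strong_a),  # digest depends on the salt
        "same_password_differs": strong_a != strong_b,
        "verify_ok": verify("mypassword", salt_a, strong_a),
        "verify_bad": verify("wrong", salt_a, strong_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

For real password storage the same salting idea is applied inside a deliberately slow function such as PBKDF2, bcrypt, scrypt or Argon2 rather than a single fast hash.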