Okay. Say, for example, that I set the salt for a password to “hello.” Can’t someone just look at the source code and discover the salt? If so, how would I hide it? Thanks.
Salts are usually stored in plain text alongside the password hash. The main reason they are there is to make it more difficult to use precomputed rainbow tables and more difficult to perform a dictionary attack on all the passwords in the database.
You should also use a different randomly generated salt for each password, rather than a single salt for your entire application. This means that each password must be cracked separately.
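The scheme described in the answer above, as an added example that is not part of the original post: each password gets its own random salt, and the salt is stored in plain text next to the hash. The choice of PBKDF2-HMAC-SHA256, the iteration count and the `iterations$salt$hash` record layout are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # illustrative work factor (assumption); tune for your hardware
SALT_BYTES = 16       # per-password salt length (assumption)


def hash_password(password: str) -> str:
    """Return a record 'iterations$salt_hex$hash_hex' using a fresh random salt."""
    salt = secrets.token_bytes(SALT_BYTES)  # new salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # The salt is not secret: it is stored in the clear beside the hash.
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def same_password_records(password: str, count: int = 2) -> list:
    """Hash one password several times to show that every record differs."""
    return [hash_password(password) for _ in range(count)]


if __name__ == "__main__":
    # Constructed sample: two users who happen to pick the same password.
    db = dict(zip(["alice", "bob"], same_password_records("hello123")))
    for user, record in db.items():
        print(user, record)
    # Different salts give different hashes, so one precomputed table
    # (or one cracked hash) does not reveal the other account's password.
    print("records differ:", db["alice"] != db["bob"])
    print("alice login ok:", verify_password("hello123", db["alice"]))
    print("wrong password:", verify_password("hello124", db["alice"]))
```
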