This is Ivanhoe011's TypePad Profile.
Salt is not required to be secret at all; the idea of a random salt (and it should be unique for each user) is to make it impossible to use rainbow tables. Of course, the attacker knows the salt since it's in the same DB table as the password, but he will have to brute-force each account separately, which makes it almost impossible to hack thousands of accounts at once. This is pretty much the best you can do, and the same approach has been used by Linux and many other systems for decades. Also, when adding the salt one should always use HMAC instead of simple concatenation of the salt to the password. HMAC was developed specially for this, and it gives better security, as e.g. HMAC-MD5 does not suffer from the same weaknesses as MD5. I believe all major languages have support for it.
Commented Apr 7, 2012 on
Hashes are a bit like fingerprints for data. A given hash uniquely represents a file, or any arbitrary collection of data. At least in theory. This is a 128-bit MD5 hash you're looking at above, so it can represent at most 2^128 unique items, or 340 trillion trillion trillion. In reality the...
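The per-user salt idea from the comment above, as an added example that is not part of the original comment or post: the same three accounts are stored once with a single shared salt and once with a random salt per user, and the tables are checked for identical digests. It uses PBKDF2-HMAC-SHA256 from Python's standard library (HMAC keyed with the password and applied repeatedly over the salt) rather than a single HMAC call; the function names, sample accounts and iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, chosen for this example


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)  # unique per user, stored in the clear beside the hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_hash_groups(records):
    """Group usernames by stored digest; groups of 2+ reveal a shared password."""
    groups = {}
    for user, (_salt, digest) in records.items():
        groups.setdefault(digest, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample data: three accounts, two of which share a password.
SAMPLE_USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}


def build_tables():
    """Store the same accounts twice: one shared salt vs. a salt per user."""
    shared_salt = b"same-for-everyone"  # one precomputed table would cover all rows
    shared = {u: hash_password(p, shared_salt) for u, p in SAMPLE_USERS.items()}
    per_user = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    return shared, per_user


if __name__ == "__main__":
    shared, per_user = build_tables()
    print("shared-salt duplicates:", shared_hash_groups(shared))
    print("per-user duplicates:   ", shared_hash_groups(per_user))
    salt, digest = per_user["alice"]
    print("alice verifies:", verify_password("correct horse", salt, digest))
```

With the shared salt, alice and bob end up with the same digest, so one guess (or one precomputed table) covers both; with per-user salts every row has to be attacked on its own.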