Andy

Reputation: 10830

How to store salts created for hashing in a database?

I have been looking around, and there seem to be many different ways to safely store passwords, some more popular than others. Assuming I do not use things like crypt(), which does all the work for me in a sense, how should I store the randomly generated salts to be used with sha256 or sha512? I thought about how this can be done, but I am stuck on how this can work effectively. Storing them all in a database and having to use them all seems inefficient. I am curious to know if there is actually a method that is normally used, or if this is really the only way? Thanks in advance.

Upvotes: 2

Views: 180

Answers (1)

Brad

Reputation: 163742

Usually, the salt is stored with the password hash, either in the same column or in an adjacent column. There is nothing inefficient about this. Using separate salts for each password is what makes your password system robust.

Upvotes: 3
