Reputation: 23
I understand that if we just hash a password, a hacker could use a precalculated hashed password table and compare it to the actual hashed password table. From what I understand, if we add a random string as a salt before hashing, the precalculated hash table won't work.
Now my question is, suppose a user's password is "password", I add 999 to it and hash the string "password999" before saving it. Now when the user returns to my site, how do I know that I need to add 999 to his password before it is compared to the hashed values in the database? Do I maintain a separate table with all the salts for every username?
Upvotes: 2
Views: 68
Reputation: 887195
You need to store the salt for each user in a separate column next to the password.
Upvotes: 3
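The per-user salt column described in the answer above, as an added example that is not part of the original thread. The `users` table layout, the function names, and the use of PBKDF2-HMAC-SHA256 with the iteration count shown are assumptions of this sketch, chosen in place of a single plain hash.

```python
import hashlib
import hmac
import secrets
import sqlite3

ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def open_db():
    """In-memory database with the salt stored in a column next to the hash."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        " username TEXT PRIMARY KEY,"
        " salt BLOB NOT NULL,"
        " password_hash BLOB NOT NULL)"
    )
    return db


def derive(password, salt):
    # Slow, salted derivation instead of one fast hash over password + salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(db, username, password):
    # A fresh random salt per user; it is not secret, so it is stored in the clear.
    salt = secrets.token_bytes(16)
    db.execute(
        "INSERT INTO users (username, salt, password_hash) VALUES (?, ?, ?)",
        (username, salt, derive(password, salt)),
    )


def verify(db, username, password):
    # Look up this user's salt, recompute, and compare in constant time.
    row = db.execute(
        "SELECT salt, password_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        derive(password, b"\x00" * 16)  # do comparable work for unknown users
        return False
    salt, stored = row
    return hmac.compare_digest(derive(password, salt), stored)


def stored_row(db, username):
    """Return (salt, password_hash) exactly as saved for this user."""
    return db.execute(
        "SELECT salt, password_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
```

Two users who pick the same password end up with different salts and therefore different stored hashes, which is why one precalculated table no longer covers the whole database.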