Traven

Reputation: 311

Does hashing the salt add any security?

I have been thinking very hard about securing my web application even further against brute-force attacks and about its overall security. I know that we can store our salt value in plain text and we still have good security.

Would hashing our salt value add more security to the web application or is it a waste of time and resources on the server?

Upvotes: 4

Views: 126

Answers (3)

martinstoeckli

Reputation: 24071

No, you would not gain anything.

If you hash your password with a salt, and then store a hash of the salt in the database, you won't be able to verify the password.

If you hash the salt, and then use this salt-hash to hash the password, you have only exchanged the salt. You will have to store the salt-hash in the database and it acts like the original salt. The time spent hashing the salt would be better spent on more iterations of the password hashing.

Upvotes: 1
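
The two variants described in the answer above, as an added example that is not part of the original answer. PBKDF2-HMAC-SHA256, the iteration count, the record layout and all function names are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed demo value, not a figure from the page


def kdf(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Slow password hash; the iteration count is where the real cost lives."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def register_plain_salt(password: bytes) -> dict:
    """Baseline: random salt stored in the clear next to the hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": kdf(password, salt)}


def register_salt_hash_as_salt(password: bytes) -> dict:
    """Second variant: hash the salt and feed the salt-hash to the KDF."""
    salt_hash = hashlib.sha256(os.urandom(16)).digest()
    # The salt-hash has to be stored to verify later, so it is simply the salt.
    return {"salt": salt_hash, "hash": kdf(password, salt_hash)}


def register_store_only_salt_hash(password: bytes) -> dict:
    """First variant: hash with the real salt, keep only the salt's hash."""
    salt = os.urandom(16)
    return {"salt": hashlib.sha256(salt).digest(), "hash": kdf(password, salt)}


def verify(record: dict, password: bytes) -> bool:
    """Recompute from whatever is in the 'salt' column and compare in constant time.

    Anyone holding a leaked record performs exactly this computation per guess,
    so both working variants cost the same to brute-force.
    """
    return hmac.compare_digest(kdf(password, record["salt"]), record["hash"])


if __name__ == "__main__":
    pw = b"correct horse"  # constructed sample password
    print("plain salt verifies:       ", verify(register_plain_salt(pw), pw))
    print("salt-hash as salt verifies:", verify(register_salt_hash_as_salt(pw), pw))
    print("only salt-hash stored:     ", verify(register_store_only_salt_hash(pw), pw))
```
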

Ophidian

Reputation: 767

The purpose of a salt is to prevent hackers from accessing the password through pre-calculated rainbow tables. The only way of achieving the password then (implying a good hashing algorithm is used) is to brute force, which would take equally long whether the salt is encrypted or not.

Upvotes: 2

nbanic

Reputation: 1270

At the end you have to concatenate the password and the salt value, so you need to have the original salt value. If you hash the salt value, you do not have its original value anymore since hashing is a one-way function, so I don't think that hashing the salt would be useful (if I understood your question correctly).

Upvotes: 3
