AlexMcG

Reputation: 175

Hashing password at user signup on client side and database stores hash only. How to use the same salt again when logging in?

So during user signup, the user enters (password + random salt) and sends that to the server.

During login, the user enters (password + random salt?) and sends that to the server.

What do I have to do during the login part to make this work?

Upvotes: 0

Views: 114

Answers (1)

martinstoeckli

Reputation: 24071

The salt is generated by your server application, not by the user, and it is stored together with your password hash in the database (it is not secret). A salt provided by the user would just be a second password.

The purpose of a salt is that an attacker cannot build one single rainbow table to crack all passwords of your database at once. It does this even if it is known. Don't mix up salt and pepper; if you are interested in how to add a server-side secret, you can have a look at my tutorial about secure password storing.

Upvotes: 1
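The flow the answer describes, written out as an added example (it is not code from the original answer or from the linked tutorial): the server generates the salt at signup, stores it in the clear next to the hash, and at login simply reads the stored salt back for that user before recomputing the hash. It uses only Python's standard library; the in-memory dict standing in for the database, the iteration count, and the pepper value are constructed for illustration, and the peppered variant is included only to show how a pepper differs from a salt.

```python
import hashlib
import hmac
import secrets

# Example parameters for PBKDF2-HMAC-SHA256. The iteration count is an
# illustrative value chosen for this example, not a figure from the answer.
ITERATIONS = 200_000
SALT_BYTES = 16
HASH_BYTES = 32


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a fixed-length hash from the password and a per-user salt."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=HASH_BYTES
    )


def register(db: dict, username: str, password: str) -> dict:
    """Signup on the server: the server, not the user, draws the salt.

    The salt is stored in the clear beside the hash; it is not a secret.
    Storing the iteration count too lets the server raise it later without
    breaking verification of older records.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    record = {
        "salt": salt,
        "iterations": ITERATIONS,
        "hash": hash_password(password, salt),
    }
    db[username] = record
    return record


def verify(db: dict, username: str, password: str) -> bool:
    """Login: look up the user's stored salt and recompute the hash with it."""
    record = db.get(username)
    if record is None:
        # Do the same amount of work for an unknown user so that timing
        # does not reveal which usernames exist.
        hash_password(password, b"\x00" * SALT_BYTES)
        return False
    candidate = hash_password(password, record["salt"], record["iterations"])
    # Constant-time comparison of the two hashes.
    return hmac.compare_digest(candidate, record["hash"])


# A pepper, by contrast, is a server-side secret kept outside the database
# (configuration, key store), so a dump of the table alone is not enough to
# start cracking. The value below is a constructed placeholder for the example.
SERVER_PEPPER = b"constructed-example-pepper-not-for-production"


def hash_password_peppered(
    password: str, salt: bytes, pepper: bytes = SERVER_PEPPER, iterations: int = ITERATIONS
) -> bytes:
    """Salted hash additionally keyed with the secret pepper via HMAC."""
    return hmac.new(pepper, hash_password(password, salt, iterations), "sha256").digest()


if __name__ == "__main__":
    users = {}  # constructed in-memory stand-in for the user table
    register(users, "alice", "correct horse battery staple")
    print("login ok:", verify(users, "alice", "correct horse battery staple"))
    print("wrong password:", verify(users, "alice", "Tr0ub4dor&3"))
    print("unknown user:", verify(users, "mallory", "anything"))
```

The answer's point shows up directly in `verify`: the client never needs to remember or resend the salt, because the server reads it from the same row it is about to check against. Two users registering the same password get different salts and therefore different hashes, which is what defeats a single precomputed table.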
