maisoon al-guran

Reputation: 21

Using more than one salt in securing passwords

If I use more than 1 salt string, for example 3 or 4, would my password be more secure?

Upvotes: 0

Views: 50

Answers (1)

Artjom B.

Reputation: 61952

It's not the number of salts that counts, but the cumulative size of them. If you have at least 128 bits of a randomly generated salt, you should be fine. You only need a salt of appropriate size, but that is not the whole story.

For example, if you're using PBKDF2, you should use a high number of iterations in order to make it really hard for password crackers to brute-force the password. Nowadays, 1,000,000 iterations seems reasonable or you can calibrate it, so that one password hash takes roughly a second. If you use scrypt you should adjust the cost factor in the same way.

Do not hash passwords with a single invocation of a hash function like SHA-256.

Upvotes: 1
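The approach described in the answer above, as an added example that is not part of the original answer: one 128-bit random salt per password, PBKDF2 with an iteration count calibrated to the local machine, and the salt and count stored with the hash. The record format and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import time

SALT_BYTES = 16                  # 128 bits of random salt
DEFAULT_ITERATIONS = 1_000_000   # figure quoted in the answer


def calibrate_iterations(target_seconds=1.0, probe=50_000):
    """Estimate the iteration count that makes one hash take ~target_seconds here."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe-password", b"\x00" * SALT_BYTES, probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(probe, int(probe * target_seconds / elapsed))


def hash_password(password, iterations=DEFAULT_ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' (assumed record format)."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and count, then compare in constant time."""
    scheme, iterations, salt_hex, hash_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))


def needs_rehash(record, wanted_iterations):
    """True when a stored record was made with fewer iterations than now wanted."""
    return int(record.split("$")[1]) < wanted_iterations


if __name__ == "__main__":
    count = calibrate_iterations(target_seconds=1.0)
    stored = hash_password("example passphrase", count)  # constructed sample input
    print(count, verify_password("example passphrase", stored))
```

Because the iteration count is stored in each record, it can be raised later: after a successful login, `needs_rehash` tells you when to re-hash the password with the new count.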
