Reputation: 121
Is it safer to have the salt in the source code?
Is it safer to have the salt in the source code? If the db gets compromised with salts then everything is lost.. but if they only have hashes they can't do anything with it.. If the salt is in the source code, you could use their userid or something else? anyone know..
Upvotes: 2
Views: 232
Answers (1)
Reputation: 450
Definitely use new salt for each password and store them in the database alongside the passwords. Please see https://en.wikipedia.org/wiki/Salt_(cryptography)#Common_mistakes for reasons. If you want to learn more about the topic, the whole wikipedia article is a great source, followed by https://en.wikipedia.org/wiki/Rainbow_table, maybe even some generic info about hashing like https://en.wikipedia.org/wiki/Cryptographic_hash_function.
Upvotes: 0
Related Questions
- adding salt into password before storing it into database
- Is using a 'salt' all that good?
- Is It Secure To Store Passwords In Web Application Source Code?
- Is it an good idea of Using password itself as an salt
- How should I store a password salt?
- Where is the best place to store the password salt for the website?
- Should I store my salt along with my hashed password in the database?
- Is It okay to save user's salt in the same table as password hash?
- Should a password salt be stored in its own field in the database?
- Salting passwords in open-source projects