Jan

Reputation: 314

Should a password salt be stored in a database

I am trying to understand where to store password salts. None of the questions here helps me understand where to store them. Should it be saved into the database as an extra column per user or should it be saved somewhere else? I'm asking this because if the user is performing a login then my program needs to know the correct password and the salt is a random value.

After implementing it I finally understand how it works. I have to hash a password and generate a salt that is mixed into the hash. The salt has to be stored separately in the database in order to decrypt it during a login.

Thanks to this answer and this answer

Upvotes: -2

Views: 672

Answers (2)

m1k3_0xm0L

Reputation: 109

Password salts are like unique keys for each user's password stored in a super secure vault—your database. They mix in with the password before hashing, adding an extra layer of protection, like sprinkling magic dust on something valuable. These salts are right there in the database, sitting next to the hashed passwords, so when a user logs in, the system grabs this special key, combines it with the entered password, and then checks if they match the stored password. But here's the deal: that database needs to be a fortress, like, superhero-level security, to keep these keys safe. Just think of salts as personalized bodyguards for your passwords, making it tough for sneaky hackers to crack 'em. They're not secrets, they're just unique bodyguards doing their job.

Upvotes: 2

chen.int

Reputation: 27

“saved into the database as an extra column per user” will do

Upvotes: 1
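
The scheme both answers describe, a per-user salt kept in its own column next to the hash and read back at login, as an added example that is not part of the original posts. The table layout, the function names and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it for your hardware.
ITERATIONS = 600_000

def open_db(path=":memory:"):
    """Hypothetical schema: the salt is an ordinary column beside the hash."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS users ("
        " username TEXT PRIMARY KEY,"
        " salt BLOB NOT NULL,"
        " pw_hash BLOB NOT NULL)"
    )
    return db

def _derive(password, salt):
    # Slow, salted key derivation; the output is what gets stored and compared.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(db, username, password):
    salt = os.urandom(16)  # new random salt per user, from the OS CSPRNG
    db.execute(
        "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
        (username, salt, _derive(password, salt)),
    )
    db.commit()

def login(db, username, password):
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Recompute the hash from the submitted password and the stored salt,
    # then compare in constant time.
    return hmac.compare_digest(_derive(password, salt), stored)

if __name__ == "__main__":
    db = open_db()
    register(db, "alice", "correct horse")  # constructed sample credentials
    print(login(db, "alice", "correct horse"), login(db, "alice", "wrong"))
```

Two users who pick the same password end up with different `salt` and `pw_hash` values, which is the property the salt column exists to provide.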
