As far as my understanding after reading and researching, the purpose of using salt is supposed to be a different salt for every single password to be stored.
If the same salt is used for storing all password, I can understand how to implement this, as I could just store the salt to a constant private variable and use it. But, that's not the case.
Though it makes perfect sense for storing every new password with new different salt, but how do I suppose to know which user's password associated to which salt ? The quick solution I thought of, was to store the salt along with the user's table property, maybe called as 'salt', but that will lose the purpose of having the salt from the first place too if it's too easy to find the salt from the database.
Can anyone advice on this ?
NOTE: I'm using either Python built in library (hashlib) or Bycrypt (Cryptacular or Passlib)
解决方案The quick solution I thought of, was to store the salt along with the user's table property
That's exactly what you do. Knowing the salt doesn't really detract from their benefits:
Identical passwords in your database will have different hashes.
Rainbow tables won't work.
Brute-force attacks that attempt to match against any of your hashes will be slowed down.
2314
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
