If I make the SALT random for each user, how do I authenticate them?

故里飘歌 2021-02-05 06:27

I've been reading up on the benefits of salting and hashing passwords, but one thing still eludes me...

When I provide a random salt for each user, how do I then know

5 answers
  •  星月不相逢
    2021-02-05 06:58

    The salt prevents someone from getting a copy of your encrypted password database and mounting an offline attack against all of the passwords at the same time. It doesn't prevent attacks against a single password.

    You might enjoy reading the original Unix password security article. It does a very good job explaining what a salt is, and why we have them: http://portal.acm.org/citation.cfm?id=359172
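
An added example (not part of the original answer) of how login works with a per-user random salt: the salt is not secret, so it is stored beside the hash and read back when the user logs in. PBKDF2-HMAC-SHA256, the iteration count, the in-memory `db` dict, and the function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os

# Assumed parameters for this sketch; they do not come from the page.
ITERATIONS = 600_000
SALT_BYTES = 16

# Stand-in record so a login for an unknown user costs the same as a real one.
_DUMMY = {"salt": os.urandom(SALT_BYTES), "hash": os.urandom(32)}


def _derive(password: str, salt: bytes) -> bytes:
    """Slow salted hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(db: dict, username: str, password: str) -> None:
    """Pick a fresh random salt and store it in the clear beside the hash."""
    salt = os.urandom(SALT_BYTES)
    db[username] = {"salt": salt, "hash": _derive(password, salt)}


def authenticate(db: dict, username: str, password: str) -> bool:
    """Re-hash the submitted password with the user's stored salt and compare."""
    record = db.get(username)
    candidate = _derive(password, (record or _DUMMY)["salt"])
    matches = hmac.compare_digest(candidate, (record or _DUMMY)["hash"])
    return matches and record is not None


if __name__ == "__main__":
    db = {}  # constructed in-memory stand-in for the users table
    register(db, "alice", "hunter2")
    register(db, "bob", "hunter2")
    # Same password, different salts, so the stored hashes differ.
    print(db["alice"]["hash"] != db["bob"]["hash"])
    print(authenticate(db, "alice", "hunter2"))
    print(authenticate(db, "alice", "wrong"))
    print(authenticate(db, "carol", "hunter2"))
```

Because two users with the same password end up with different stored hashes, a guess hashed for one user cannot be reused against another, which is the property the answer describes.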
