发表新帖
发表新帖

Static Salt vs Random Salt - Security PHP

后端 未结
关注
5 1189
南方客
南方客 2020-12-30 10:08

Is there any working difference between

$hash=sha1($key.$staticSalt);

and

$hash=sha1($key.$randomSalt);
5条回答
  • 悲哀的现实
    悲哀的现实 (楼主)
    2020-12-30 10:36

    I 'm not sure if you are salting correctly -- the purpose of a salt is to foil precomputed dictionary attacks if your database is compromised. Therefore you are using a database to begin with, so what does your "no need to use the DB" comment mean?

    If you are not using a random salt, then you don't make it more difficult for the attacker to attack your hashes if they get their hand on the salt. You will be better off using a random salt -- you won't need to keep it hidden for your security to work.

    The salt also does not need to be long or unusual. "rK" is a good salt. "1q" is also good. Its purpose is simply to vary the output of the hash function.

    0 讨论(0)
 看不清?
提交回复
热议问题