Comprehensive information about hash salts

Backend · Unresolved · 4 answers · 1300
旧巷少年郎
旧巷少年郎 2021-01-06 00:33

There are a lot of questions about salts and best practices, however most of them simply answer very specific questions about them. I have several questions which feed into

4 answers
  •  野趣味
    野趣味 (original poster)
    2021-01-06 01:25

    1. No. Using salts correctly will multiply the time it takes for an attacker to crack all the passwords in your database by a factor of millions. Putting salts in another table will add 30 seconds to the time it takes for an attacker to get the salts too.

    2. Yes. It is not a bad idea to use both a global key and a per-user salt.

    3. A salt is, or should be, a cryptographic key. Make it long and random. Database size is not an issue. The salt, like any cryptographic key, can be 128 bits or 16 bytes (32 bytes when stored in hex format).

    4. Your computer should have cryptographically strong pseudo-RNG. Check the security or crypto APIs for your language.
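
The four points in the answer above fit together into one password-storage routine: a 16-byte salt from the OS CSPRNG stored in the same row as the hash, a global key (pepper) kept outside the database, and a slow KDF on top. The following is an added example, not code from the answerer or the original thread. The PEPPER value, the iteration count, and the `alg$iterations$salt$hash` record layout are my assumptions for illustration; a real deployment would load the pepper from a KMS or environment secret rather than a constant.

```python
import hashlib
import hmac
import secrets

# Hypothetical global key ("pepper"). Assumption for this example only: in practice it
# lives outside the database (KMS, HSM, environment secret), never next to the salts.
PEPPER = bytes.fromhex("8f3b1b9c1d7d4e1d9a4a5f2b3c6d7e8f0a1b2c3d4e5f60718293a4b5c6d7e8f9")

SALT_BYTES = 16            # 128-bit random salt, as the answer recommends
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware budget
HASH_NAME = "sha256"
ALG_ID = f"pbkdf2_{HASH_NAME}"


def new_salt() -> bytes:
    # secrets draws from the OS CSPRNG (os.urandom); never use random.random() here
    return secrets.token_bytes(SALT_BYTES)


def _derive(password: str, salt: bytes, iterations: int, pepper: bytes) -> bytes:
    # Apply the pepper first with HMAC so the slow KDF always sees fixed-size input,
    # then stretch with the per-user salt. Both the salt and the pepper must match
    # at verification time, so a dumped users table alone is not crackable offline.
    peppered = hmac.new(pepper, password.encode("utf-8"), HASH_NAME).digest()
    return hashlib.pbkdf2_hmac(HASH_NAME, peppered, salt, iterations, dklen=32)


def hash_password(password: str, pepper: bytes = PEPPER) -> str:
    salt = new_salt()
    dk = _derive(password, salt, PBKDF2_ITERATIONS, pepper)
    # Self-describing record: algorithm, iterations, salt, hash. Storing the salt in
    # the same row is fine; its job is uniqueness, not secrecy.
    return f"{ALG_ID}${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str, pepper: bytes = PEPPER) -> bool:
    try:
        alg, iters, salt_hex, dk_hex = record.split("$")
        if alg != ALG_ID:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
        iterations = int(iters)
    except ValueError:
        # Malformed record (wrong field count, bad hex, non-numeric iterations)
        return False
    actual = _derive(password, salt, iterations, pepper)
    # Constant-time comparison avoids leaking how many leading bytes matched
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str) -> bool:
    # True when the stored record was made with a weaker work factor than current policy,
    # so it can be transparently upgraded on the next successful login.
    try:
        alg, iters, _salt, _dk = record.split("$")
        return alg != ALG_ID or int(iters) < PBKDF2_ITERATIONS
    except ValueError:
        return True


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample input
    r1, r2 = hash_password(pw), hash_password(pw)
    print("same password, different salts, different records:", r1 != r2)
    print("verifies:", verify_password(pw, r1), verify_password(pw, r2))
    print("wrong password rejected:", not verify_password(pw.upper(), r1))
    print("wrong pepper rejected:", not verify_password(pw, r1, pepper=b"\x00" * 32))
```

The same password hashed twice yields two different records because each call draws a fresh salt, which is exactly what defeats the shared rainbow-table attack the answer's first point is about; the pepper check in `__main__` shows why an attacker with only the database dump, and not the application's key, still cannot run an offline search even with the salts in hand.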
