Cryptography function that takes random bits and a string (typically a password) and uses a one-way hash to provide a new string that can be used for authentication without providing access to the original string. If a salt function uses enough random bits, the resulting string is generally considered cryptographically secure.
Questions tagged [salt]
1027 questions
64
votes
3 answers
How can I hash passwords in postgresql?
I need to hash some passwords with salt on postgresql, and I haven't been able to find any relevant documentation on how to get that done.
So how can I hash passwords (with some salts) in postgresql?
Kzqai
- 22,588
- 25
- 105
- 137
59
votes
9 answers
Is time() a good salt?
I'm looking at some code that I have not written myself. The code tries to hash a password with SHA512 and uses just time() as the salt. Is time() too simple a salt for this or is this code safe?
Thanks for the answers and comments. I will sum it up…
zmol
- 2,834
- 5
- 26
- 29
58
votes
3 answers
How long to brute force a salted SHA-512 hash? (salt provided)
Here is an algorithm in Java:
public String getHash(String password, String salt) throws Exception {
String input = password + salt;
MessageDigest md = MessageDigest.getInstance(SHA-512);
byte[] out = md.digest(input.getBytes());
…
timothyjc
- 2,188
- 3
- 29
- 54
56
votes
8 answers
How do I implement salt into my login for passwords?
I want to implement a salt into my login system but am a bit confused on how this is supposed to work. I can't understand the logic behind it. I understand md5 is a one-way algorithm and all of the functions that I have come across seem to hash…
Timmay
- 561
- 1
- 5
- 6
53
votes
3 answers
Spring Security Custom Authentication and Password Encoding
Is there a tutorial out there or does anyone have pointers on how to do the following with Spring-Security?
Task:
I need to get the salt from my database for the authenticating username and use it to encrypt the provided password (from the login…
Pete
- 10,720
- 25
- 94
- 139
49
votes
4 answers
How do I generate a SALT in Java for Salted-Hash?
I've been looking around and the closest answer is : How to generate a random alpha-numeric string?
I want to follow this workflow according to this CrackStation tutorial:
To Store a Password
Generate a long random salt using a CSPRNG.
Prepend…
Louis Hong
- 1,051
- 2
- 12
- 27
45
votes
6 answers
What is SALT and how do i use it?
I have been searching around and I am still unsure of what a "salt" is and how to use/implement it. Sorry for the noobish question, I am self learning php.
Drewdin
- 1,732
- 5
- 23
- 35
45
votes
7 answers
Hashing in SHA512 using a salt? - Python
I have been looking through ths hashlib documentation but haven't found anything talking about using salt when hashing data.
Help would be great.
RadiantHex
- 24,907
- 47
- 148
- 244
40
votes
3 answers
Salt and hashing, why not use username?
I must confess to being largely ignorant on most of the high-tech security issues relevant for web applications, but there is one thing I at least thought I could ask because it is a direct question with (hopefully) a concrete answer.
Take this…
Lasse V. Karlsen
- 380,855
- 102
- 628
- 825
40
votes
11 answers
How to generate a good salt - Is my function secure enough?
Here's the function I'm using to generate random salts:
function generateRandomString($nbLetters){
$randString="";
$charUniverse="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for($i=0; $i<$nbLetters; $i++){
…
JDelage
- 13,036
- 23
- 78
- 112
39
votes
4 answers
Password hashing, salt and storage of hashed values
Suppose you were at liberty to decide how hashed passwords were to be stored in a DBMS. Are there obvious weaknesses in a scheme like this one?
To create the hash value stored in the DBMS, take:
A value that is unique to the DBMS server instance…
Jonathan Leffler
- 730,956
- 141
- 904
- 1,278
37
votes
8 answers
Creating a salt in python
How would I create a random, 16-character base-62 salt in python? I need it for a protocol and I'm not sure where to start. Thanks.
pajm
- 1,788
- 6
- 24
- 30
37
votes
4 answers
Do I need a "random salt" once per password or only once per database?
Further to my previous question about salted passwords in PHP/MySQL, I have another question regarding salts.
When someone says "use a random salt" to pre/append to a password, does this mean:
Creating a static a 1 time randomly generated string of…
barfoon
- 27,481
- 26
- 92
- 138
30
votes
4 answers
Why does crypt/blowfish generate the same hash with two different salts?
This question has to do with PHP's implementation of crypt(). For this question, the first 7 characters of the salt are not counted, so a salt '$2a$07$a' would be said to have a length of 1, as it is only 1 character of salt and seven characters of…
Dereleased
- 9,939
- 3
- 35
- 51
29
votes
2 answers
How to generate SALT value in Java?
What's the best way to produce a SALT value in Java as a String that's at least 32 bytes long?
Tom Bell
- 489
- 2
- 6
- 15