Questions tagged [salt]

Cryptography function that takes random bits and a string (typically a password) and uses a one-way hash to provide a new string that can be used for authentication without providing access to the original string. If a salt function uses enough random bits, the resulting string is generally considered cryptographically secure.

1027 questions
27 votes, 2 answers

Rails 3 / Devise: Password salt no longer being created?

I've been working on a project for a while now which uses Devise for user authentication. Whenever a user was created, it would generate a password salt for them along with their encrypted password. As I'm coming to the tail end of this project, I…
Shannon

27 votes, 2 answers

WebMatrix WebSecurity PasswordSalt

I am using WebMatrix and have built a website based on the "StarterSite". In this starter site you get a nice basic layout - including registration, login, forgot password pages etc... I've noticed that in the database that the "webpages_Membership"…
Stuart Clement

26 votes, 5 answers

Salting passwords 101

Could someone please help me understand how salting works? So far I understand the following: Validate password Generate a random string Hash the password and the random string and concat them, then store them in the password field... How do we…
Mohamad

25 votes, 7 answers

Is it okay to store salts with hashes?

My understanding is that a salt is not intended to be secret, it is merely intended to be different from any centralized standard so that you can't develop a rainbow table or similar attack to break all hashes that use the algorithm, since the salt…
Imagist

24 votes, 6 answers

PHP salt and hash SHA256 for login password

I've made encrypting of the password in my register script and they are stored in the database, and I have to use them to login, so I would want to use the unencrypted ones to login. I've read some of the threads in here but nothing is helping me.…
slavacademy

23 votes, 1 answer

Spring Security Salt

I'm trying to add a salt when adding a new user/pwd, but the docs seem to be missing how to do this. Here's a basic example:
user973479

23 votes, 2 answers

Difference between SALT and KEY. Encryption

Alright, so I'm trying to learn a little about Encrypting messages in my Java application. I just found out that SALT and KEY aren't the same. Can someone help me understand what the difference between the two is?
cody

23 votes, 2 answers

Best Way to Generate Random Salt in C#?

Question says it all, what is the best method of generating a random salt (to be used with a hash function) in C#?
Petey B

23 votes, 6 answers

Salt and passwords

Possible Duplicate: Secure hash and salt for PHP passwords WARNING Don't use MD5 for passwords, use an alternative like bcrypt For my passwords should I use salt like this (the salt will be unique to each user and not stored directly with the…
FabianCook

22 votes, 2 answers

Why does BCrypt.net GenerateSalt(31) return straight away?

I stumbled across BCrypt.net after reading Jeff Atwood's post about storing passwords, which led me to Thomas Ptacek's recommendation to use BCrypt to store passwords. Which finally led me to this C# implementation of BCrypt. In the comments on the…
David Murdoch

19 votes, 5 answers

What comes first, the salt or the hash?

Okay, I know this is probably dead simple, but I can't seem to find a straight answer anywhere. Let's say I have the following: Password: "mypassword" Salt: 1234567 Is the idea of salting to do something like hash(password + salt) or…
user456584

19 votes, 7 answers

Is it possible to attack a user password with known salt

I've been told that email is a bad salt, because it's not unique and connected to the user. And if a user uses the same password on 2 sites, there will be equal hash. So, what's wrong with it? What is the attack scenario? Suppose we have both hash and…
Your Common Sense

18 votes, 1 answer

Where are laravel password salts stored?

Laravel uses bcrypt to hash passwords. According to this article, at some point in the process, the Hash::make function creates and uses a 22-length random string as a salt to generate the password. For a single distinct password, Hash::make does…
Nick Pickering

18 votes, 8 answers

Generating a salt in PHP

What's the best way to generate a cryptographically secure 32 bytes salt in PHP, without depending on libraries seldom included in typical PHP installations? After some googling I discovered that mt_rand is not considered secure enough, but I…
qster

18 votes, 5 answers

Is a GUID a good salt? Has my register/login process got any flaw?

If my table inside the database looks like: userid uniqueidentifier username varchar(20) password varbinary(max) When the user submits (to register), I send the user/pass to a stored procedure. The stored procedure creates a new GUID (using NEWID())…
Fredou