Questions tagged [salt]

Cryptographic function that combines random bits (the salt) with a string (typically a password) and applies a one-way hash, producing a new string that can be used for authentication without revealing the original string. If the salt carries enough random bits, the resulting string is generally considered cryptographically secure.

1027 questions
17 votes, 5 answers

Am I using PHP's crypt() function correctly?

I've been using PHP's crypt() as a way to store and verify passwords in my database. I use hashing for other things, but crypt() for passwords. The documentation isn't that good and there seems to be a lot of debate. I'm using blowfish and two salts…
Brian (4,328 rep; badges 13 / 58 / 103)
16 votes, 2 answers

Do I change salt value when changing a user password?

Suppose I store a random salt value for each user. Do I have to generate a new salt value when that user password is changed or do I use the same value for the whole lifetime of that user account?
sharptooth (167,383 rep; badges 100 / 513 / 979)
16 votes, 2 answers

[Sql-Server] what data type to use for password salt and hash values and what length?

I am generating salt and hash values from my passwords by using, string salt = CreateSalt(TxtPassword.Text.Length); string hash = CreatePasswordHash(TxtPassword.Text, salt); private static string CreateSalt(int size) { //Generate a…
ACP (34,682 rep; badges 100 / 231 / 371)
16 votes, 2 answers

How does password hash+salt work

I thought I understood hashing and salting passwords but it seems I have some misconceptions. I am creating a user account system for my website in nodejs. The way I understood it was that when a user creates a password we generate a random salt,…
gloo (2,490 rep; badges 3 / 22 / 38)
15 votes, 7 answers

How long should a salt be to make it infeasible to attempt dictionary attacks?

I'm designing an authentication system that works like the following: User enters password. Salt is generated. Password is hashed with whirlpool. Whirlpool hashed password concatenated with the plain salt. The concatenated version is hashed with sha1…
Will Morgan (4,470 rep; badges 5 / 29 / 42)
15 votes, 1 answer

What is the correct format for a blowfish salt using PHP's crypt?

I have read the information provided on the PHP Manual Entry for crypt(), but I find myself still unsure of the format for a salt to trigger the Blowfish algorithm. According to the manual entry, I should use '$2$' or '$2a$' as the start of a 16 character…
Dereleased (9,939 rep; badges 3 / 35 / 51)
14 votes, 2 answers

Is it okay to save user's salt in the same table as password hash?

Is it okay and isn't useless? It could be saved in another table or even another database. What do you think? P.S. For higher security, I have the constant salt "peanuts" too. It's a constant value saved in a configuration file (not in the database). So if…
daGrevis (21,014 rep; badges 37 / 100 / 139)
14 votes, 4 answers

How to create an asp.net membership provider hashed password manually?

I'm using a website as a frontend and all users are authenticated with the standard ASP.NET Membership-Provider. Passwords are saved "hashed" within a SQL-Database. Now I want to write a desktop-client with administrative functions. Among other…
Anheledir (4,337 rep; badges 7 / 32 / 34)
14 votes, 4 answers

OpenSSL - Password vs Salt Purpose

When encrypting a file with OpenSSL, it is possible to use -pass pass:mySillyPassword, where mySillyPassword is the password used in encryption. In addition, it is possible to use a salt, where -salt -s (hex string) is used to specify the salt. Why…
user2520041 (145 rep; badges 1 / 1 / 5)
14 votes, 2 answers

How to create two way encode/decode methods using user-specific key - PHP?

I need two functions/methods, one to encode, one to decode. This is not for storing passwords. Each user will have a specific key/salt to encode the data. This is how I would like it to work: function encode($str, $key) { // something…
Jason Silberman (2,471 rep; badges 6 / 29 / 47)
13 votes, 1 answer

How to use PKCS5_PBKDF2_HMAC_SHA1()

I am trying to use PKCS5_PBKDF2_HMAC_SHA1() and below is my sample program. I wanted to make sure if my result of PKCS5_PBKDF2_HMAC_SHA1() is correct so I verified the same with the website http://anandam.name/pbkdf2/ and I see a different result. …
pkumarn (1,383 rep; badges 4 / 22 / 29)
13 votes, 4 answers

Java AES Encryption with salt

Alright, turns out I suck at Encryption/Decryption. I just don't get it. How can I make Java encrypt String message1 = "hello world"; with String salt = "mySalt"; using AES encryption? Also how can I decrypt it once encrypted? If you have the time to…
cody (425 rep; badges 2 / 5 / 8)
13 votes, 3 answers

How does using a salt make a password more secure if it is stored in the database?

I am learning Rails, at the moment, but the answer doesn't have to be Rails specific. So, as I understand it, a secure password system works like this: User creates password. System encrypts password with an encryption algorithm (say SHA2). Store…
marcamillion (32,933 rep; badges 55 / 189 / 380)
13 votes, 1 answer

How does salt work in Rails' has_secure_password

From what I understand from salting to make an encrypted password more secure, I would generate a random number (the salt) and store it alongside the hashed password, in the user record (for example). I would concatenate the salt with the plaintext…
pitosalas (10,286 rep; badges 12 / 72 / 120)
13 votes, 2 answers

Web app passwords: bcrypt and SHA256 (and scrypt)

With all the recent (e.g. LinkedIn) discussions of passwords I'm looking at password hashing implementations. After two cups of coffee and a morning reading I'm no more a cryptographer than when I started. And I really don't want to pretend that I…
user1446426 (685 rep; badges 1 / 7 / 11)