4 Replies - 321 Views - Last Post: 18 June 2010 - 09:59 PM

#1 Guest_Guest*


hash salting question

Posted 18 June 2010 - 06:06 PM

If you use a random number of bytes for the salt, how can you reliably duplicate it to validate the hash later? Say, for a password?

Replies To: hash salting question

#2 Skaggles

Re: hash salting question

Posted 18 June 2010 - 06:19 PM

You would also have to store the salt. When I store passwords into a database I usually have two columns; one for the hashed and salted password, and the other for the salt. Unless you have a static salt value, you'll have to store the salt to be able to unhash the password.

This post has been edited by Skaggles: 18 June 2010 - 06:21 PM


#3 JackOfAllTrades

Re: hash salting question

Posted 18 June 2010 - 07:44 PM

Don't know how fond I am of saving the salt, although I've seen it done before. You could also salt it using some static piece of data, for example the timestamp of when the user's record was created. You could also use some part of the user's email address, but this would require you to re-salt the user's password and re-save the hash in the event you allow the user to change it. Mixing in a couple of pieces of static (or semi-static) data is a fine idea.

#4 Momerath

Re: hash salting question

Posted 18 June 2010 - 09:42 PM

I always try to save the salt in a different location than that of the hashed data. The idea of the salt is to make it harder for someone to 'guess' at the hashed password by trying a dictionary attack. If you store the hash with the hashed password, this makes it easier for them.

#5 PsychoCoder

Re: hash salting question

Posted 18 June 2010 - 09:59 PM

The way I normally do it is when I store the username & password I have a timestamp column in the table, and that's what is used for hashing the password.