Password Salts

Lee

Lee

Well-known member
Right now I am using a randomly generated password salt stored in a database in the field "salt".

I was just thinking about the practicality of this, and if for any reason that sql table become compromised, they would have access to my password salt.

What I was thinking is either creating a random salt on the fly, or possibly using the users email address as a password salt.

Anybody have any suggestions on the best way to do this?
 
Generate a new salt per user. You could also use a constant salt that is stored on the web server. This way, the attacker needs both salts in order to even attempt an attack.
 
Random salt per user is the best way to do it. Doesn't matter that it's stored in the DB really as you hash it in the password field.
 
You must log in or register to reply here.

Similar threads

L
XF 2.2 Xenforo Login Issues
Replies
0
Views
258
leebo
L
Ludachris
  • Question Question
XF 2.2 Question about the 2FA process in XF
Replies
1
Views
920
Kirby
K
E
Anyone mind taking a look at my site?
2 3
Replies
41
Views
3K
Mr Lucky
Mr Lucky
tessey
  • Question Question
XF 1.5 Having problems with admin password
Replies
6
Views
818
tessey
tessey
MapleOne
XF 2.2 Randomize Contact Form URL: MyForum.com/misc/contact
Replies
1
Views
656
briansol
B
Top Bottom