
Question

Hi,

 

When you hash a password using a method like SHA1, BCrypt, etc., you provide a salt key, but I was wondering: do you reuse one salt key throughout, or generate a unique random salt key for each password you generate and store it?

 

I have seen both methods used: some people store the salt key in the database with the user's password, where both are unique, and some people have one salt key they reuse to hash all passwords. Which method is usually best?

 

Matt.

https://www.neowin.net/forum/topic/1213485-hashing-a-password/

3 answers to this question


Using a per user salt is better because it defeats rainbow table reuse (The rainbow table has to be remade for each user vs. once for all users), but also not using something weak like SHA1 helps as well (BCrypt or SCrypt with a high iteration count is better)

  • Like 3
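The difference between one shared salt and a per-user salt, as an added example that is not part of any poster's reply. It uses scrypt from Python's standard library; the account names, passwords, cost parameters and helper names are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed cost parameters for this example; tune them for your hardware.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)

def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest). A fresh 16-byte random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

def duplicate_digests(records: dict[str, tuple[bytes, bytes]]) -> list[tuple[str, ...]]:
    """Group users whose stored digests are identical, as seen by anyone holding the table."""
    groups: dict[bytes, list[str]] = {}
    for user, (_, digest) in records.items():
        groups.setdefault(digest, []).append(user)
    return [tuple(sorted(users)) for users in groups.values() if len(users) > 1]

# Constructed sample accounts: alice and bob picked the same password.
ACCOUNTS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}

def build_table(shared_salt: bytes | None) -> dict[str, tuple[bytes, bytes]]:
    """Hash every account with one shared salt, or a per-user salt when shared_salt is None."""
    return {user: hash_password(pw, shared_salt) for user, pw in ACCOUNTS.items()}

if __name__ == "__main__":
    shared = build_table(shared_salt=b"one-site-wide-salt")
    per_user = build_table(shared_salt=None)
    # With a shared salt, equal passwords collide, so one guess tests every row at once.
    print("shared salt duplicates:  ", duplicate_digests(shared))
    # With per-user salts, every row has to be attacked separately.
    print("per-user salt duplicates:", duplicate_digests(per_user))
```

The salt is stored next to the digest in both cases; it does not need to be secret, only unique per password.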

I will ask what language you are using, as there are some nice new methods for PHP.

 

But to answer your question, I use a unique salt per user, which upon a password reset is re-generated. I also use a site salt as well.

  • Like 2
  On 14/05/2014 at 13:10, Nik L said:

I will ask what language you are using, as there are some nice new methods for PHP.

 

But to answer your question, I use a unique salt per user, which upon a password reset is re-generated. I also use a site salt as well.

 

It was mainly just a general question, but I probably know what functions you're on about with PHP as I have seen some new password hashing functions :)

 

  On 14/05/2014 at 13:11, The_Decryptor said:

Using a per user salt is better because it defeats rainbow table reuse (The rainbow table has to be remade for each user vs. once for all users), but also not using something weak like SHA1 helps as well (BCrypt or SCrypt with a high iteration count is better)

 

Makes sense really, thanks! :)

This topic is now closed to further replies.