• 0

Hashing a password

Asked by SuperKid,

 Share

Question

Grand Master

SuperKid

Posted
Posted

Hi,

 

When you hash a password using a method like SHA1, BCrypt etc you provide a salt key, but I was wondering do you reuse one salt key throughout or generate a unique random salt key for each password you generator and store it?

 

I have seen both methods use, some people store in the database the salt key with the users password where both are unique or some people have one salt key they reuse to hash all passwords, which method is usually best?

 

Matt.

Link to comment
https://www.neowin.net/forum/topic/1213485-hashing-a-password/
Share on other sites

3 answers to this question

Recommended Posts

  • 0
Grand Master

The_Decryptor Veteran

Posted
  • Veteran
Posted

Using a per user salt is better because it defeats rainbow table reuse (The rainbow table has to be remade for each user vs. once for all users), but also not using something weak like SHA1 helps as well (BCrypt or SCrypt with a high iteration count is better)

  • Ambroos, +Nik Louch and SuperKid
  • Like 3
  • 0
Grand Master

+Nik Louch Subscriber²

Posted
  • Subscriber²
Posted

I will ask what language you are using, as there are some nice new methods for PHP.

 

But to answer your question, I use an unique salt per user, which upon a password reset is re-generated.  I also use a site salt as well.

  • astropheed and SuperKid
  • Like 2
  • 0
Grand Master

SuperKid

Posted
  • Author
Posted
  On 14/05/2014 at 13:10, Nik L said:

I will ask what language you are using, as there are some nice new methods for PHP.

 

But to answer your question, I use an unique salt per user, which upon a password reset is re-generated.  I also use a site salt as well.

 

It was mainly just a general question, but I probably know what functions you're on about with PHP as I have seen some new password hashing functions :)

 

  On 14/05/2014 at 13:11, The_Decryptor said:

Using a per user salt is better because it defeats rainbow table reuse (The rainbow table has to be remade for each user vs. once for all users), but also not using something weak like SHA1 helps as well (BCrypt or SCrypt with a high iteration count is better)

 

Makes sense really, thanks! :)

This topic is now closed to further replies.
 Share
Go to question listing

  • Posts

    • After ditching XPS branding, Dell unveils Premium laptops starting at $1,649

      By CHUNWEI · Posted

      Dell Pro Max Premium Ultra
    • Microsoft updates Media Creation Tool with a newer Windows 11 release

      By TarasBuria · Posted

      Microsoft updates Media Creation Tool with a newer Windows 11 release by Taras Buria If you want to download a Windows 11 image or create an install media, the Media Creation Tool app is one of the best options—simple, fast, and, more importantly, official. While there are other useful alternatives, such as Rufus, Media Creation Tool remains the default choice for those who simply want a clean Windows 11 installation on a supported computer. Thanks to the latest MCT update, you will have to deal with fewer updates after installing Windows 11. Microsoft has quietly updated the Media Creation Tool app so that it downloads the latest Windows 11 release, version 24H2, with build number 26100.4349. This is the most recent public Windows 11 update (June 2025 Patch Tuesday), which eliminates the need to download large updates for your PC after installing the operating system. You can download Media Creation Tool from the official Windows 11 website. If you are familiar with it, this simple app can generate a Windows 11 image with the language you need or create a bootable USB media. Note that it only works on Windows, so Linux or macOS users have to download Windows images directly from the official website and then use apps that are available on their platforms. Another thing worth noting is Media Creation Tool is not the right choice if you want to install Windows 11 on an unsupported PC. In such a case, you can use MCT to download an ISO and then create a modified install media with apps like Rufus or Ventoy as described in our dedicated guide. If you want a more exotic Windows 11 Edition, try the Oofhours Media Tool, which allows you to select Windows 10 or 11, architecture (x64, x86, or ARM64), language, and edition. In addition to standard Home and Pro, the application can download non-mainstream SKUs, such as Enterprise, Education, or Professional for Workstations. Via: Deskmodder
    • After ditching XPS branding, Dell unveils Premium laptops starting at $1,649

      By LightEco · Posted

      Putting premium on your higher end laptops really makes it feel like your lower end laptops are worse.
    • Meta is now using every possible source to power its data centers

      By grik · Posted

      Funny enough just removed insta account and whatsapp is next. Less power needed now
    • Windows 11 is getting a redesigned BSOD and new tools to help you recover from outages

      By LightEco · Posted

      If you only show the stop code and what failed for less than 2 seconds, what use is it?

  • Recent Achievements

    • Conversation Starter
      Kavin25 earned a badge
      Conversation Starter
    • One Month Later
      Leonard grant earned a badge
      One Month Later
    • Week One Done
      pcdoctorsnet earned a badge
      Week One Done
    • Rising Star
      Phillip0web went up a rank
      Rising Star
    • One Month Later
      Epaminombas earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      538
    2. 2
      ATLien_0
      207
    3. 3
      +FloatingFatMan
      174
    4. 4
      Michael Scrip
      148
    5. 5
      snowy owl
      119
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!