[pc86]

Agree that OWASP's crypto advice is generally garbage, but is there a better salt policy than what they have?

    [protected form] = [salt] + protect([protection func], [salt] + [credential]);

[schoen]

I assume tptacek's objection is that salts need to be unique (at most, unpredictable enough to discourage precomputation), and don't need to be produced by a CSPRNG.

Edit: or maybe something else from the editorial history of the document?

[tptacek]

There's that, but more generally and importantly, application developers who take special measures to generate salts tend not to be using secure password hashing algorithms --- the libraries for things like bcrypt tend to handle this for you.

[schoen]

Maybe akin to the "typing the letters A-E-S" in https://www.nccgroup.trust/us/about-us/newsroom-and-events/b...?

[astockwell]

"Just use bcrypt" (or scrypt). Salting is baked in.