[ameliaquining]

A pepper is shared among all users of a site. That's what makes it different from a salt.

Or are you saying that the exact same hash was found in multiple separate database dumps? I didn't see any indication of that in the article.

[TeMPOraL]

What you say seems to directly contradict the Wikipedia link above, which says:

"The pepper is randomly generated for each value to be hashed (within a limited set of values), and is never stored. When data is tested against a hashed value for a match, this is done by iterating through the set of values valid for the pepper, and each one in turn is added to the data to be tested (usually by suffixing it to the data), before the cryptographic hash function is run on the combined value."

[ameliaquining]

The talk page mentions "pepper" having two meanings, both of which are mentioned in the article. I wasn't familiar with the one that involves brute-forcing it on every login attempt, and I've never heard of it being used in production on a real site (whereas a global shared secret seems to be reasonably common).

[cyphar]

> I wasn't familiar with the one that involves brute-forcing it on every login attempt, and I've never heard of it being used in production on a real site (whereas a global shared secret seems to be reasonably common).

In case you're interested, that is the same scheme as the one used by JoeyH's keysafe[1].

[1]: http://joeyh.name/code/keysafe/

[IncRnd]

That is not the cryptographic definition of a pepper.

[ameliaquining]

It seems to be how it's typically handled in practice. Example: https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-...

[IncRnd]

I understand your point, but a close reading of the dropbox article shows a qualified pepper they term "global pepper."