|
|
|
|
|
|
by ameliaquining
3237 days ago
|
|
|
The talk page mentions "pepper" having two meanings, both of which are mentioned in the article. I wasn't familiar with the one that involves brute-forcing it on every login attempt, and I've never heard of it being used in production on a real site (whereas a global shared secret seems to be reasonably common). |
|
|
In case you're interested, that is the same scheme as the one used by JoeyH's keysafe[1].
[1]: http://joeyh.name/code/keysafe/