by
Amorymeltzer
3108 days ago
Nah, user logins/emails often won't be long enough or random enough. See https://security.stackexchange.com/a/8024/28881 and https://stackoverflow.com/a/5565071/2521092
swsieber
3108 days ago
Would it be an okay practice to prepend the username as extra salt, still using the randomly generated salt?
Amorymeltzer
3108 days ago
Why not just use a longer salt? The username is only going to reduce randomness. Moreover, I don't buy the presumed advantage: nobody is really parsing that message to mean someone else could have the same password.
marcosdumay
3108 days ago
Be careful about how you merge the username and the random salt.
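An added example, not part of the thread or any commenter's code: one way to merge a username with a random salt unambiguously, by length-prefixing the username before the salt bytes. The function names, the choice of PBKDF2-HMAC-SHA256 and its iteration count are assumptions for illustration, and the sample accounts are constructed.

```python
import hashlib
import hmac
import os


def naive_salt(username: str, random_salt: bytes) -> bytes:
    # Plain concatenation loses the boundary between the two fields.
    return username.encode("utf-8") + random_salt


def framed_salt(username: str, random_salt: bytes) -> bytes:
    # A 4-byte length prefix on the username makes the encoding injective:
    # distinct (username, salt) pairs always give distinct byte strings.
    name = username.encode("utf-8")
    return len(name).to_bytes(4, "big") + name + random_salt


def hash_password(password: str, username: str, random_salt: bytes,
                  iterations: int = 600_000) -> bytes:
    # Assumed KDF: PBKDF2-HMAC-SHA256; the iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               framed_salt(username, random_salt), iterations)


def verify_password(password: str, username: str, random_salt: bytes,
                    expected: bytes, iterations: int = 600_000) -> bool:
    candidate = hash_password(password, username, random_salt, iterations)
    return hmac.compare_digest(candidate, expected)  # constant-time compare


# Constructed inputs: two different accounts whose naive salts collide
# because neither field has a fixed length here. A fixed-length random
# salt would also avoid this, but the framing does not rely on that.
TAIL = bytes(range(15))
ACCOUNT_A = ("bob", b"1" + TAIL)
ACCOUNT_B = ("bob1", TAIL)

if __name__ == "__main__":
    print(naive_salt(*ACCOUNT_A) == naive_salt(*ACCOUNT_B))
    print(framed_salt(*ACCOUNT_A) == framed_salt(*ACCOUNT_B))
    salt = os.urandom(16)  # the random salt still supplies all the entropy
    stored = hash_password("correct horse", "alice", salt)
    print(verify_password("correct horse", "alice", salt, stored))
```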