Y
Hacker News
new
|
ask
|
show
|
jobs
by
swsieber
3108 days ago
Would it be an okay practice to prepend the username as extra salt, still using the randomly generated salt?
2 comments
Amorymeltzer
3108 days ago
Why not just use a longer salt? The username is only going to reduce randomness. Moreover, I don't buy the presumed advantage: nobody is really parsing that message to mean someone else could have the same password.
link
marcosdumay
3108 days ago
Be careful about how you merge the username and the random salt.
link