by kohtatsu 2107 days ago
It's possible to change the pepper during login (same as adjusting parameters).

The downside for the scheme is complexity and limited upside; complexity gets a lot more attention when it comes to security considerations.

Best practice especially needs to be simple; it's easy to mess this stuff up and hard to understand. A lot of the comments on this post betray a very poor understanding of password storage; they simply haven't come across the correct information.

Overall, pepper is good as long as you include salt. There are times when the db gets leaked and the env variables don't.

There's nothing wrong with your scheme if it's implemented properly, but being able to change the site-wide key is a limited upside compared to using a pepper. There is an upside though.

And all of this doesn't matter much as long as you do the bare minimum of using a tuned pbkdf+salt and keep your stuff patched.
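The scheme the comment describes, written out as an added example (it is not code from the comment or from any project it refers to): a per-user salt feeds a tuned PBKDF2, a server-side pepper is applied as an HMAC over the derived key, and the login path re-hashes whenever the stored record was produced under an old pepper version or work factor. The versioned record format, the pepper-versioning map, the sample pepper bytes and the helper names are all assumptions made for this example; the pepper would in practice come from the environment or a secrets manager rather than from the database.

```python
"""Added example: salted PBKDF2 with a versioned server-side pepper, plus
verify-and-rehash so the pepper (or the iteration count) can be rotated at
login time. Record format and pepper values are constructed for illustration."""
import hashlib
import hmac
import secrets

# Constructed sample pepper keys keyed by version. Kept outside the database
# (environment / secrets manager) so a DB leak alone does not expose them.
PEPPERS = {
    1: bytes.fromhex("00" * 32),  # hypothetical retired pepper
    2: bytes.fromhex("11" * 32),  # hypothetical current pepper
}
CURRENT_PEPPER = 2
CURRENT_ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor


def _derive(password: str, salt: bytes, iterations: int, pepper_version: int) -> bytes:
    """Salt + PBKDF2 first (per-user, stored), then pepper via HMAC (site-wide, secret)."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    # Without the pepper an attacker holding the DB row cannot even start an
    # offline guess-and-check against `tag`.
    return hmac.new(PEPPERS[pepper_version], dk, "sha256").digest()


def hash_password(password: str,
                  iterations: int = CURRENT_ITERATIONS,
                  pepper_version: int = CURRENT_PEPPER) -> str:
    """Produce a self-describing record: algo$pepperVersion$iterations$salt$tag."""
    salt = secrets.token_bytes(16)
    tag = _derive(password, salt, iterations, pepper_version)
    return f"pbkdf2-sha256$v{pepper_version}${iterations}${salt.hex()}${tag.hex()}"


def parse_record(record: str):
    """Return (pepper_version, iterations, salt, tag) from a stored record."""
    algo, ver, iters, salt_hex, tag_hex = record.split("$")
    if algo != "pbkdf2-sha256":
        raise ValueError("unknown record format")
    return int(ver[1:]), int(iters), bytes.fromhex(salt_hex), bytes.fromhex(tag_hex)


def verify_and_upgrade(password: str, record: str):
    """Check a login attempt against a stored record.

    Returns (ok, new_record). new_record is None unless the password was correct
    AND the record used an outdated pepper version or iteration count, in which
    case the caller should store new_record in place of the old one. This is the
    "change the pepper during login" step: the old pepper only has to stay
    available until every user has logged in once.
    """
    ver, iters, salt, tag = parse_record(record)
    if ver not in PEPPERS:
        return False, None  # retired pepper no longer available: force a reset
    candidate = _derive(password, salt, iters, ver)
    if not hmac.compare_digest(candidate, tag):
        return False, None
    if ver != CURRENT_PEPPER or iters != CURRENT_ITERATIONS:
        return True, hash_password(password)
    return True, None
```

Rotating the pepper therefore means adding a new version to `PEPPERS`, bumping `CURRENT_PEPPER`, and letting logins migrate records one by one; the old key is dropped only once no stored record references its version.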