Y
Hacker News
new
|
ask
|
show
|
jobs
by
miguelpais
5497 days ago
If the salt is the same for all the users you can have it on the source code that hashes the passwords. Not always being SQL injected means having the back-end code leaked.
1 comments
tedunangst
5497 days ago
That defeats the purpose. The whole point is to have a unique salt per user to force the cracker to spend time on every password.
link