Hacker News
by
rmc
5193 days ago
In reality you aren't using 2 salts; you are using one unique salt per user. Each user's salt starts with the same few bytes, though.
1 comments
Misiek
5193 days ago
Yes, I put the first salt in the database and the second salt under www-root. A hacker who hacks only the database will not know the first salt.
leftnode
5193 days ago
I think you have to assume worst case: if they have access to your database, they have access to your web root. It might not be the case, but you should assume that.
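The split discussed in this thread, as an added example that is not part of any commenter's post: a random per-user salt stored in the database row, plus one site-wide secret (often called a pepper) kept outside the database and mixed in with HMAC before PBKDF2. The function names, the iteration count and the constructed sample secret are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune for your hardware

# Constructed sample value. In practice this is loaded from a file or
# environment variable outside the database, never from a table.
SITE_SECRET = b"constructed-example-site-secret"


def _derive(password: str, user_salt: bytes, site_secret: bytes) -> bytes:
    # The site-wide value is used as an HMAC key rather than concatenated
    # onto the salt, so it acts as a secret and not as a common salt prefix.
    keyed = hmac.new(site_secret, password.encode("utf-8"), hashlib.sha256).digest()
    # The per-user salt makes identical passwords hash differently per user.
    return hashlib.pbkdf2_hmac("sha256", keyed, user_salt, ITERATIONS)


def hash_password(password: str, site_secret: bytes = SITE_SECRET):
    """Return (user_salt, digest); both go in the user's database row."""
    user_salt = os.urandom(16)
    return user_salt, _derive(password, user_salt, site_secret)


def verify_password(password: str, user_salt: bytes, stored: bytes,
                    site_secret: bytes = SITE_SECRET) -> bool:
    candidate = _derive(password, user_salt, site_secret)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    salt, digest = hash_password("correct horse battery staple")
    print("login ok:", verify_password("correct horse battery staple", salt, digest))
    # Database-only leak: the row is known but the site secret is not,
    # so even the right password does not reproduce the stored digest.
    print("without site secret:",
          verify_password("correct horse battery staple", salt, digest, b"unknown"))
```

If the web root is exposed along with the database, the site secret is known too, and what remains is the per-user salt and the PBKDF2 work factor, so both need to be sound on their own.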