by ratzinho87 5100 days ago
The salt does not need to be hidden. First of all, it needs to be unique per hashed information (password), so you cannot store it in code. Second, its purpose is to force any attacker trying to use lookup tables to calculate one lookup table per password. http://en.wikipedia.org/wiki/Salt_%28cryptography%29

Edit: also, instead of using a "system salt", why not use an HMAC to replace the hash function?
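
An added example, not part of the comment above: a Python sketch of both points, with a random salt stored in the clear beside each hash and the system-wide secret used as an HMAC key instead of a concatenated "system salt". All names, the demo key and the iteration count are assumptions, and the PBKDF2 stretching step goes beyond what the comment describes.

```python
import hashlib
import hmac
import os

SYSTEM_KEY = b"constructed-demo-key"   # assumption: really loaded from outside the DB
ITERATIONS = 100_000                   # assumption: tune to your hardware

def derive(password: str, salt: bytes, key: bytes = SYSTEM_KEY) -> bytes:
    # HMAC keyed with the system secret replaces hash(system_salt + password).
    keyed = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
    # The per-password salt feeds a slow, HMAC-based KDF (added here, see lead-in).
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, ITERATIONS)

def new_record(password: str) -> dict:
    salt = os.urandom(16)              # unique per password, stored unhidden
    return {"salt": salt, "hash": derive(password, salt)}

def verify(password: str, record: dict) -> bool:
    # Constant-time comparison of the recomputed and stored digests.
    return hmac.compare_digest(derive(password, record["salt"]), record["hash"])

def build_table(candidates, salt: bytes) -> dict:
    # Worst case: the table builder knows the system key and one record's salt.
    # The resulting table is still valid for that single salt only.
    return {derive(c, salt): c for c in candidates}

def demo() -> dict:
    # Constructed sample data: two users who chose the same password.
    alice, bob = new_record("hunter2"), new_record("hunter2")
    table = build_table(["123456", "hunter2", "letmein"], alice["salt"])
    return {
        "same_password_same_hash": alice["hash"] == bob["hash"],
        "table_hits_alice": table.get(alice["hash"]),
        "table_hits_bob": table.get(bob["hash"]),
    }

if __name__ == "__main__":
    print(demo())
```

The table built for one record's salt matches that record and misses the other, even though both passwords are identical.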