by thomasptacek
6843 days ago
The salt is public. If you have the password table, you have the salt. The attacker doesn't have to guess the salt with an incremental password cracker (read: almost any password cracker). The mistake you're making is your misuse of the word "key". Larger keys are more secure. A salt is a nonce, not a key. Can I say again that people shouldn't be rolling their own password scheme? This is a problem that has been well-addressed for decades, but the majority of new applications still ship with code that is inferior to public domain code from 1976.
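The point made in the comment above, as an added example that is not part of the original comment: a password record built with Python's standard-library scrypt, where the salt sits in the clear next to the digest and only makes each record unique, while the cost per guess comes from the KDF parameters. The record layout, parameter values and function names are assumptions of this example.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not taken from the comment).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1   # work factor: this is what slows guessing
SALT_LEN = 16                                # per-record nonce, stored in the clear
KEY_LEN = 32
MAXMEM = 64 * 1024 * 1024                    # headroom for scrypt's ~16 MiB working set


def _derive(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=n, r=r, p=p, dklen=KEY_LEN, maxmem=MAXMEM)


def hash_password(password: str) -> str:
    """Return a self-describing record: scheme$N$r$p$salt$digest."""
    salt = os.urandom(SALT_LEN)              # fresh random salt for every record
    digest = _derive(password, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P)
    fields = ["scrypt", SCRYPT_N, SCRYPT_R, SCRYPT_P, salt.hex(), digest.hex()]
    return "$".join(str(f) for f in fields)


def salt_of(record: str) -> bytes:
    """Anyone holding the record can read the salt; it is not a secret."""
    return bytes.fromhex(record.split("$")[4])


def verify_password(password: str, record: str) -> bool:
    try:
        scheme, n, r, p, salt_hex, digest_hex = record.split("$")
        if scheme != "scrypt":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = _derive(password, bytes.fromhex(salt_hex), int(n), int(r), int(p))
    except ValueError:                       # malformed record or bad parameters
        return False
    return hmac.compare_digest(candidate, expected)   # constant-time comparison


if __name__ == "__main__":
    a = hash_password("correct horse")       # constructed sample password
    b = hash_password("correct horse")
    print(a != b, verify_password("correct horse", a), verify_password("guess", a))
```

Making `SALT_LEN` larger does not change the time `_derive` takes; raising `SCRYPT_N` does.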