by shabble 4630 days ago
I think this occurs to nearly everyone. It's commonly referred to as a "pepper"[1], and is generally considered not all that helpful in most scenarios, as well as being potential evidence that you're a witch^W^WDoing Your Own Crypto, which is bad.

[1] See towards the end of the very comprehensive first answer. http://security.stackexchange.com/questions/211/how-to-secur...

Then go back, read the rest of it :)

1 comment

Thanks for the link. It was a good read. However, I see nothing in there that suggests that using a pepper is necessarily a bad thing.

I think the answer from Rory McCune puts it well: "Another add-on I've seen to this is to also add in what was called a pepper value. This was just another random string but was the same for all users and stored with the application code as opposed to in the database. The theory here is that in some circumstances the database may be compromised but the application code is not, and in those cases this could improve the security. It does, however, introduce problems if there are multiple applications using the same password database."