by mschuster91 4592 days ago
You totally forget about hash salting - this way a hacker can't use rainbow tables or precomputed hashes for common passwords.
2 comments

I've also seen a fair bit of misunderstanding about hashes - you do not want to apply a global salt to all your hashes. Salts should be generated on a per-hash basis, and should be stored within the hash itself. Most hashing libraries will do this. It's usually much easier and safer to use a library than to roll your own.
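To make the per-hash salt point concrete, here is an added example (not code from anyone in this thread) that stores a random salt inside the hash string itself, the way password-hashing libraries do, and contrasts it with a single site-wide salt. It uses only the Python standard library; the `pbkdf2_sha256$iterations$salt$hash` layout, the iteration count and the `GLOBAL_SALT` value are constructed for illustration, and a real deployment would use a vetted library such as bcrypt or argon2 rather than this hand-rolled format.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed parameters for this example only.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing string: pbkdf2_sha256$iterations$salt$hash.

    A fresh random salt is drawn per call and stored inside the string, so
    nothing beyond this one value needs to be kept to verify the password
    later.  The optional salt argument exists only to make tests deterministic.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([
        "pbkdf2_sha256",
        str(ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Parse the salt and parameters back out of the stored string and compare."""
    try:
        algo, iters, salt_b64, hash_b64 = stored.split("$")
    except ValueError:
        return False  # malformed record, not the format we wrote
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(hash_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(dk, expected)


# The weaker pattern the comment warns about: one constant salt for every user.
GLOBAL_SALT = b"site-wide-constant-salt"  # constructed value


def global_salt_hash(password: str) -> str:
    return hashlib.sha256(GLOBAL_SALT + password.encode("utf-8")).hexdigest()


def same_password_collides(scheme, password: str = "correct horse", users: int = 3) -> bool:
    """True if several users choosing the same password end up with identical
    stored values, i.e. one cracked record would reveal all of them at once."""
    return len({scheme(password) for _ in range(users)}) == 1


if __name__ == "__main__":
    record = hash_password("correct horse")
    print("stored record:", record)
    print("verify correct:", verify_password("correct horse", record))
    print("verify wrong:  ", verify_password("battery staple", record))
    print("global salt, same password -> same hash:", same_password_collides(global_salt_hash))
    print("per-hash salt, same password -> same hash:", same_password_collides(hash_password))
```

With a global salt, `same_password_collides` returns `True`: every user with the same password gets the same stored value, so a table precomputed against that one salt covers the whole user base. With a per-hash salt it returns `False`, and `verify_password` still works because the salt travels inside the record.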
Indeed, yes, and I do this for all my projects. But even a global salt is way better than no salt at all.

That aside, doesn't WordPress still use lots of global salts?!

Thanks for this! I have added a paragraph on salting if you reload the page.