|
|
|
|
|
|
by steakejjs
4096 days ago
|
|
|
I don't understand your issue with hardcoded salts. It essentially works the same way as an HMAC. It is some secret material that further complicates the attackers job...It doesn't mean they react to a successful attack in a different way. After hashing the password he is storing the hash along with the users random salt, not retroactively applying the salt a second time. |
|
|