
A reminder as to why using random salts is a good idea

I came across a post on Stack Overflow that I felt was worth mentioning. The poster wanted to hash user passwords and implement per-user salting. A response by Dave Sherohman provides a good overview of why using random salts (instead of just using the user's username) is a good idea. If you've been tasked with storing user passwords, this page gives a good overview of the subject.

URL: http://stackoverflow.com/questions/536584/non-random-salt-for-password-hashes/536756#536756
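
The contrast between a username-derived salt and a random per-user salt, as an added example that is not from this post or the linked answer. PBKDF2-HMAC-SHA256, the iteration count, and the sample account are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def _kdf(password: str, salt: bytes) -> bytes:
    """Derive a password hash with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def hash_with_username_salt(username: str, password: str) -> bytes:
    """Weak variant: the salt is predictable and identical on every system."""
    return _kdf(password, username.encode("utf-8"))


def hash_with_random_salt(password: str) -> tuple:
    """Fresh 16-byte salt from the OS CSPRNG each time a password is set.
    The salt is not secret; store it next to the hash."""
    salt = os.urandom(16)
    return salt, _kdf(password, salt)


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(_kdf(password, salt), expected)


def demo() -> dict:
    user, pw = "admin", "correct horse"  # constructed sample account
    # Two unrelated systems that salt with the username store the same value,
    # so work precomputed for a common account name carries over between them.
    site_a = hash_with_username_salt(user, pw)
    site_b = hash_with_username_salt(user, pw)
    # With random salts the stored values differ even for identical passwords.
    salt_a, rand_a = hash_with_random_salt(pw)
    salt_b, rand_b = hash_with_random_salt(pw)
    return {
        "username_salt_hashes_match": site_a == site_b,
        "random_salt_hashes_match": rand_a == rand_b,
        "verify_ok": verify(pw, salt_a, rand_a),
        "verify_wrong_password": verify("wrong guess", salt_a, rand_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```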

