Alright,
I know for a fact that salts are an important part of storing a password securely in a database. Most people store the password hash, and the salt that was used for it. This, I have learned, isn't as safe as many would think, as a dedicated cracker could use a dictionary attack to find out the password (granted he knew how you were using the salt).
Therefore, I am asking, is it safe to use some sort of transformed version of the password as the salt? Or is a normal salt going to do the exact same job?
(To be clear, I am not making my own crypto.)
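
An added example, not part of the original post, comparing the two options the question raises: a salt derived from the password itself versus a random per-user salt, checked by looking for identical stored hashes across accounts. The reversal-based `derived_salt` transform, the sample accounts and the PBKDF2 iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example; tune for your hardware

def kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def derived_salt(password):
    # Hypothetical "transformed password" salt: digest of the reversed password.
    return hashlib.sha256(password[::-1].encode("utf-8")).digest()[:16]

def store_with_derived_salt(password):
    salt = derived_salt(password)
    return salt, kdf(password, salt)

def store_with_random_salt(password):
    salt = os.urandom(16)  # unique per account, stored next to the hash
    return salt, kdf(password, salt)

def verify(password, salt, stored):
    return hmac.compare_digest(kdf(password, salt), stored)

def duplicate_groups(records):
    # Group users whose stored hash is byte-for-byte identical (visible from the table alone).
    by_hash = {}
    for user, (_salt, digest) in records.items():
        by_hash.setdefault(digest, []).append(user)
    return sorted(sorted(group) for group in by_hash.values() if len(group) > 1)

# Constructed sample accounts: alice and bob chose the same password.
SAMPLE = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}

def build(store):
    return {user: store(password) for user, password in SAMPLE.items()}

if __name__ == "__main__":
    print("derived salt:", duplicate_groups(build(store_with_derived_salt)))
    print("random salt: ", duplicate_groups(build(store_with_random_salt)))
```

With the derived salt, accounts that share a password share a stored hash, because salt and hash are both deterministic functions of the password alone; the random salt makes every record distinct while `verify` still works from the stored salt.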