Is it safer to have the salt in the source code? If the DB gets compromised with salts then everything is lost, but if they only have hashes they can't do anything with it. If the salt is in the source code, you could use their userid or something else? Anyone know?
Is it safer to have the salt in the source code?
212 Views Asked by Rifat Cholakov At
Definitely use a new salt for each password and store them in the database alongside the passwords. Please see https://en.wikipedia.org/wiki/Salt_(cryptography)#Common_mistakes for reasons. If you want to learn more about the topic, the whole Wikipedia article is a great source, followed by https://en.wikipedia.org/wiki/Rainbow_table, maybe even some generic info about hashing like https://en.wikipedia.org/wiki/Cryptographic_hash_function.