https://rt.cpan.org/Ticket/Display.html?id=55850&results=a52c3c931cac70fddd2e1926e2f4280a
The purpose of salt is to reduce the ability for a single (pre-calculated) rainbow table of passwords and hashes to compromise the whole store. If your salt isn't a random function, or specific to the user, there is no benefit in the salt... This is a broken implementation. Hard coding salt in a config file only protects you from a rainbow table without that salt. It still doesn't solve the problem of cached hashings.

--
Evan Carroll
System Lord of the Internets
http://www.evancarroll.com

_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
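An added illustration of the point made in the message above (not code from the ticket, the poster, or Catalyst): a small audit over two constructed credential stores, one using a salt hard-coded in config and one using a random per-user salt. The function names, the sample users, and the choice of PBKDF2-SHA256 are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 1_000  # assumption: kept low so the demo runs fast, not a production value
CONFIG_SALT = b"salt-from-config-file"  # constructed stand-in for a hard-coded salt
# Constructed sample accounts; alice and bob happen to share a password.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def build_store(users: dict, salt_for) -> dict:
    """Return {user: (salt, digest)}; salt_for(user) decides which salt is used."""
    store = {}
    for user, password in users.items():
        salt = salt_for(user)
        store[user] = (salt, hash_password(password, salt))
    return store


def shared_digests(store: dict) -> list:
    """Audit check: groups of users whose stored digests are byte-identical."""
    groups = {}
    for user, (_salt, digest) in store.items():
        groups.setdefault(digest, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def guessing_cost(store: dict, candidates: int) -> int:
    """Hash computations needed to test `candidates` guesses against every user.
    A computed digest can be cached and reused for every account that shares
    a salt, so the cost scales with the number of distinct salts."""
    return candidates * len({salt for salt, _digest in store.values()})


def verify(store: dict, user: str, password: str) -> bool:
    salt, digest = store[user]
    return hmac.compare_digest(digest, hash_password(password, salt))


fixed = build_store(USERS, lambda user: CONFIG_SALT)       # one salt for everyone
per_user = build_store(USERS, lambda user: os.urandom(16))  # random salt per account

if __name__ == "__main__":
    for name, store in (("config salt", fixed), ("per-user salt", per_user)):
        print(name, "| identical digests:", shared_digests(store),
              "| hashes for 10000 guesses:", guessing_cost(store, 10_000))
```

With the config salt, equal passwords are visible as equal digests and one pass over a guess list covers every account; with per-user salts the same pass has to be repeated for each account.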
