Apparently the salt can be encoded into the password hash. This seems like a great way to store the salt.
According to phpass: "it encodes the hash type, the salt, and the password stretching iteration count into the "hash encoding string" that it returns. When phpass authenticates a password or passphrase against a stored hash, it similarly transparently extracts and uses the hash type identifier, the salt, and the iteration count out of the "hash encoding string"." -- View this message in context: http://zend-framework-community.634137.n4.nabble.com/Guidance-on-storing-passwords-securely-tp2400394p2401882.html Sent from the Zend Framework mailing list archive at Nabble.com.
