On Thu, 21 May 2020 15:16:12 +0200
Michał Górny <mgo...@gentoo.org> wrote:

> Isn't the whole point of salted hash to use unique salts?

You'd thinik so, but I've seen too many piece of code where the salt
was a hardcoded string right there in the hash generation.

md5sum( "SeKrIt\0" + pass  )

So I've learned to never assume that salts were unique per entry.

Attachment: pgpVY__tDhm5i.pgp
Description: OpenPGP digital signature

Reply via email to