Am 17.03.2013 01:46, schrieb Jeremy Baron: > > On Mar 16, 2013 7:18 PM, "Thomas Gries" <[email protected] > <mailto:[email protected]>> wrote: > > Why not salt-per-user ? > > I'm not sure what you mean. >
It is much safer to add have different salt per user. http://crackstation.net/hashing-security.htm section The RIGHT Way: How to Hash Properly ... The salt needs to be unique per-user per-password. Every time a user creates an account or changes their password, the password should be hashed using a new random salt. Never reuse a salt. The salt also needs to be long, so that there are many possible salts. As a rule of thumb, make your salt is at least as long as the hash function's output. The salt should be stored in the user account table alongside the hash.
_______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
