Oh, he thinks this is about passwords... Thomas, please see
http://saltstack.com
Alex Monk
On 17/03/13 01:37, Thomas Gries wrote:
On 17.03.2013 01:46, Jeremy Baron wrote:
On Mar 16, 2013 7:18 PM, "Thomas Gries" <[email protected]> wrote:
> Why not salt-per-user ?
I'm not sure what you mean.
It is much safer to have a different salt per user.
http://crackstation.net/hashing-security.htm
section The RIGHT Way: How to Hash Properly
...
The salt needs to be unique per-user per-password. Every time a user
creates an account or changes their password, the password should be
hashed using a new random salt. Never reuse a salt. The salt also
needs to be long, so that there are many possible salts. As a rule of
thumb, make your salt at least as long as the hash function's
output. The salt should be stored in the user account table alongside
the hash.
_______________________________________________
Labs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/labs-l
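The per-user, per-password salting rule quoted from crackstation.net in the message above, as an added example that is not part of the thread. The choice of PBKDF2-HMAC-SHA256, the iteration count, and the names `user_table`, `set_password` and `verify_password` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

HASH_NAME = "sha256"
# Salt is as long as the hash function's output (32 bytes for SHA-256).
SALT_BYTES = hashlib.new(HASH_NAME).digest_size
# Assumed work factor; stored per record so it can be raised later.
ITERATIONS = 600_000

# Constructed stand-in for the user account table: username -> record.
user_table = {}


def set_password(username, password):
    """Called on account creation and on every password change."""
    # Fresh random salt each time: never reused, never derived from the username.
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, ITERATIONS)
    # The salt is not secret; it is stored alongside the hash.
    user_table[username] = {"salt": salt, "iterations": ITERATIONS, "hash": digest}
    return user_table[username]


def verify_password(username, password):
    """Recompute with the stored salt and compare in constant time."""
    record = user_table.get(username)
    if record is None:
        return False
    candidate = hashlib.pbkdf2_hmac(
        HASH_NAME, password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    first = set_password("alice", "correct horse")
    other = set_password("bob", "correct horse")
    # Same password, different users: the stored hashes do not match.
    print("hashes equal across users:", first["hash"] == other["hash"])
    # Same user, same password set again: a new salt is generated.
    again = set_password("alice", "correct horse")
    print("salt reused on change:", first["salt"] == again["salt"])
    print("login ok:", verify_password("alice", "correct horse"))
```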