Salting passwords - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Salting passwords (/showthread.php?tid=346644)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Salting passwords (/showthread.php?tid=346644)
Salting passwords - Giovanni - 29.05.2012
I am currently trying to improve the security of my register system. I did a little bit of research and figured out that salting passwords makes things more secure.
If I understood everything correctly, then salting looks a little bit like this:
Код:
Password: abcd | Hash: e2fc714c4727ee9395f324cd2e7f331f Salt: salt | Hash: ceb20772e0c9d240c75eb26b0e37abee (the salt is random ofc)
This would output following hash:
Код:
b65a54c1283b702446e3d3062aeb72d8 (hashed password + hashed salt)
How to get the salt later on? Do you just store the hashed salt in the accounts/database?
Re: Salting passwords - iggy1 - 29.05.2012
Why not use whirlpool? It's never been cracked, so it's very secure.
I'm not sure what salting does, but if salt is random and it's value affects the hash, then you will need to store it in the DB.