SHA256 Individual salt for every player - Printable Version
+- SA-MP Forums Archive (
https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (
https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (
https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: SHA256 Individual salt for every player (
/showthread.php?tid=642350)
SHA256 Individual salt for every player -
Kampott - 28.09.2017
Should I create an individual salt for each player, or i can create one myself and use it for every player?
And what's the difference between the two options? And the best way to store a salt?
Re: SHA256 Individual salt for every player -
Misiur - 28.09.2017
Yes, salt should be per-account - that's the whole purpose of salt! In case someone gets your database, they have to brute-force hashes for each player individially, this really slows them down (does not completely stop them though, offline cracking for a persistent actor with access to botnets of GPU's will break your hashes, unless you use non-gpu optimizable hash algo)
You can store it in plaintext next to password.
Re: SHA256 Individual salt for every player -
Kampott - 28.09.2017
Thanks.