SA-MP Forums Archive
SHA256 Individual salt for every player - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: SHA256 Individual salt for every player (/showthread.php?tid=642350)



SHA256 Individual salt for every player - Kampott - 28.09.2017

Should I create an individual salt for each player, or i can create one myself and use it for every player?
And what's the difference between the two options? And the best way to store a salt?


Re: SHA256 Individual salt for every player - Misiur - 28.09.2017

Yes, salt should be per-account - that's the whole purpose of salt! In case someone gets your database, they have to brute-force hashes for each player individially, this really slows them down (does not completely stop them though, offline cracking for a persistent actor with access to botnets of GPU's will break your hashes, unless you use non-gpu optimizable hash algo)
You can store it in plaintext next to password.


Re: SHA256 Individual salt for every player - Kampott - 28.09.2017

Thanks.