29.05.2012, 13:16
I am currently trying to improve the security of my register system. I did a little bit of research and figured out that salting passwords makes things more secure.
If I understood everything correctly, then salting looks a little bit like this:
Code:
Password: abcd | Hash: e2fc714c4727ee9395f324cd2e7f331f
Salt: salt | Hash: ceb20772e0c9d240c75eb26b0e37abee (the salt is random ofc)
Then you have to put the hashes together, and hash the big hash again (if I'm right).
This would output the following hash:
Code:
b65a54c1283b702446e3d3062aeb72d8 (hashed password + hashed salt)
What I didn't understand is:
How to get the salt later on? Do you just store the hashed salt in the accounts/database?