28.09.2017, 22:07
Yes, salt should be per-account - that's the whole purpose of salt! In case someone gets your database, they have to brute-force hashes for each player individially, this really slows them down (does not completely stop them though, offline cracking for a persistent actor with access to botnets of GPU's will break your hashes, unless you use non-gpu optimizable hash algo)
You can store it in plaintext next to password.
You can store it in plaintext next to password.