SHA256 Individual salt for every player
#2

Yes, salt should be per-account - that's the whole purpose of salt! In case someone gets your database, they have to brute-force hashes for each player individially, this really slows them down (does not completely stop them though, offline cracking for a persistent actor with access to botnets of GPU's will break your hashes, unless you use non-gpu optimizable hash algo)
You can store it in plaintext next to password.
Reply


Messages In This Thread
SHA256 Individual salt for every player - by Kampott - 28.09.2017, 21:47
Re: SHA256 Individual salt for every player - by Misiur - 28.09.2017, 22:07
Re: SHA256 Individual salt for every player - by Kampott - 28.09.2017, 22:17

Forum Jump:


Users browsing this thread: 1 Guest(s)