24.04.2018, 07:53
The only reason you would use a salt is to slow down an attacker. If they have access to your database it's a lost cause anyway.
It is perfectly fine to store the unique salt alongside the hash in the same table. Assuming you use a strong cipher algorithm, a UNIQUE PER-PLAYER salt and enough iterations, you have a better security than 80% of the web services in the world.
It is perfectly fine to store the unique salt alongside the hash in the same table. Assuming you use a strong cipher algorithm, a UNIQUE PER-PLAYER salt and enough iterations, you have a better security than 80% of the web services in the world.

