
It doesn't matter that they know your salting tactic; it still stops reverse-lookup tables with common passwords online.


However, any salting tactic that can be pushed and used on the client side would have a tough time using a salt that is on a per-user basis. This means that if you could salt it client side, you would need to have a static salt, which is significantly less secure than a unique salt per user.


> However, any salting tactic that can be pushed and used on the client side would have a tough time using a salt that is on a per-user basis.

How so? Surely the client would know their username too?
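
The two options discussed in this thread, side by side, as an added example that is not part of any comment: a static client-side salt versus a salt the client derives from the username it already knows. The salt derivation, PBKDF2 parameters, site identifier and accounts are all assumptions constructed for the demonstration.

```python
import hashlib

ITERATIONS = 100_000                        # assumed work factor for the demo
STATIC_SALT = b"example-site-static-salt"   # constructed value
SITE_ID = b"example.com"                    # constructed, hypothetical site identifier


def client_hash(password: str, salt: bytes) -> str:
    """Value a client would send in place of the raw password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def static_salt_hash(password: str) -> str:
    # One salt for every user: one precomputed table covers the whole site.
    return client_hash(password, STATIC_SALT)


def per_user_salt(username: str) -> bytes:
    # Derived only from data the client has before login (assumption).
    # Mixing in the site id keeps the salt from repeating across sites;
    # it is still predictable, unlike a random salt stored by the server.
    return hashlib.sha256(SITE_ID + b"\x00" + username.lower().encode()).digest()


def per_user_hash(username: str, password: str) -> str:
    return client_hash(password, per_user_salt(username))


def shared_hash_groups(hash_fn, accounts):
    """Return groups of usernames whose stored hashes are identical."""
    groups = {}
    for user, pw in accounts:
        groups.setdefault(hash_fn(user, pw), []).append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]


# Constructed sample accounts: alice and bob reuse the same password.
ACCOUNTS = [("alice", "hunter2"), ("bob", "hunter2"), ("carol", "correct horse")]

if __name__ == "__main__":
    static = shared_hash_groups(lambda u, p: static_salt_hash(p), ACCOUNTS)
    print("static salt, identical hashes:", static)
    print("per-user salt, identical hashes:", shared_hash_groups(per_user_hash, ACCOUNTS))
```
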



