Welcome to Software Development on Codidact!

Will you help us build our independent community of developers helping developers? We're small and trying to grow. We welcome questions about all aspects of software development, from design to code to QA and more. Got questions? Got answers? Got code you'd like someone to review? Please join us.

Post History

91%

+20 −0

Q&A Should a salt be stored in the same database as the hash?

To protect against dictionary and rainbow table attacks it is well known that passwords should be salted before hashing. The salt (unique to each password) gets stored with the hash, often in the s...

5 answers · posted 4y ago by jla‭ · last activity 9mo ago by bencurthoys‭

Question security hash salt

#1: Initial revision by

jla‭ · 2020-09-17T01:07:47Z (about 4 years ago)

Copy Link

Raw

Markdown

Should a salt be stored in the same database as the hash?

To protect against dictionary and rainbow table attacks it is well known that passwords should be salted before hashing. The salt (unique to each password) gets stored with the hash, often in the same string separated by a semi-colon.

However if the salts and hashes are stored together and the database is compromised then the attacker will have access to each salt used for each hash, which defeats the purpose of the salt.

Is this a legitimate concern? Should salts be stored in a separate database to hashes?

security hash salt

Communities

Post History