Static Salt vs Random Salt - Security PHP

南方客 2020-12-30 10:08

Is there any working difference between

$hash=sha1($key.$staticSalt);  

and

$hash=sha1($key.$randomSalt);  
5 Answers
  •  生来不讨喜
    2020-12-30 10:36

    A salt is random by definition; there is no such thing as a 'static salt'. If it is not random, it's not a salt but a key.

    The point of the salt is to make sure the attacker has to mount a separate attack for each password he/she wants to crack. In other words, the point of salting a hash is to prevent precomputation attacks (rainbow tables).

    The easy solution for getting it right is to use a standard library instead of cutting corners.
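The difference discussed in the answer above, as an added PHP example that is not part of the original thread. The account names, passwords and the `$staticSalt` value are constructed, and the example goes one step past the question by using PHP's built-in `password_hash()` and `password_verify()` as one standard-library option of the kind the answer recommends.

```php
<?php
declare(strict_types=1);

// Constructed sample data: two accounts that happen to share a password.
$users = ['alice' => 'correct horse', 'bob' => 'correct horse'];

// 1) One fixed value for every account, as in sha1($key.$staticSalt).
$staticSalt = 'app-wide-constant'; // constructed value
$static = [];
foreach ($users as $name => $password) {
    $static[$name] = sha1($password . $staticSalt);
}
// Equal passwords give equal hashes, so a single table built for this
// one constant covers every account in the database.
printf("static salt, hashes equal: %s\n",
    var_export($static['alice'] === $static['bob'], true));

// 2) A fresh random salt per account, stored beside the hash.
$random = [];
foreach ($users as $name => $password) {
    $salt = bin2hex(random_bytes(16));
    $random[$name] = ['salt' => $salt, 'hash' => sha1($password . $salt)];
}
// Equal passwords no longer collide; each account needs its own attack.
// The hash is still a single fast SHA-1, so each guess stays cheap.
printf("random salt, hashes equal: %s\n",
    var_export($random['alice']['hash'] === $random['bob']['hash'], true));

// 3) Standard library: password_hash() generates the salt itself and
//    encodes algorithm, cost and salt into the returned string.
$stored = [];
foreach ($users as $name => $password) {
    $stored[$name] = password_hash($password, PASSWORD_DEFAULT);
}
printf("password_hash, hashes equal: %s\n",
    var_export($stored['alice'] === $stored['bob'], true));
printf("correct password verifies: %s\n",
    var_export(password_verify('correct horse', $stored['alice']), true));
printf("wrong password verifies: %s\n",
    var_export(password_verify('wrong guess', $stored['alice']), true));

// At login, upgrade stored hashes when the default algorithm or cost changes.
if (password_needs_rehash($stored['alice'], PASSWORD_DEFAULT)) {
    $stored['alice'] = password_hash($users['alice'], PASSWORD_DEFAULT);
}
```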
