Salting Passwords in plain sight

An interesting method of creating a unique salt that can only be derived from the password being encrypted. If you used a salt created by an algorithm based on something known, an attacker who had access to the DB and the salting method could devise a cracking mechanism.

But with this, even if you have both of those, you would still not be able to crack the password without trying every possible password against itself – a feat that approaches impossibility.

Lance Cameron Kidwell

25 July 2009

Posted in Miscellania
