/    Sign up×
Community /Pin to ProfileBookmark

Correct way to store a salt?

Copy linkTweet thisAlerts:
Nov 30.2009

I’m currently storing a random yet unique salt for each user in my database.

What’s the best practice for storing a salt? Can I just store it in the same database with the password hash and other user details?

Also, how am I supposed to protect the salt? Each salt is in plaintext, so would that compromise the security of each password hash?

Thanks!

to post a comment
PHP

1 Comments(s)

Copy linkTweet thisAlerts:
@NogDogDec 01.2009 — I believe that in most cases, yes, you can store the salt in the user table. As the main purpose of the salt is to avoid multiple users using the same password having the same hashed value in the DB, knowing it's value is not particularly a help.
×

Success!

Help @four0four spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.28,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...