Securing passwords in your database

Add salt to your encrypted passwords for extra tastiness

There’s a good post at the Errata Security blog (The Importance of Being Canonical) that discusses going behind encrypting passwords in your database, to appending or prepending random characters (“salts”) to your password hashes, effectively neutralizing a common way of cracking encrypted passwords.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.