Comments on: How to effectively salt a password stored as a hash in a database http://www.rhyous.com/2012/06/18/how-to-effectively-salt-a-password-stored-as-a-hash-in-a-database/ Knight of the Code Sat, 18 May 2013 12:07:49 -0600 hourly 1 http://wordpress.org/?v=3.5.1 By: js http://www.rhyous.com/2012/06/18/how-to-effectively-salt-a-password-stored-as-a-hash-in-a-database/#comment-55086 js Thu, 24 Jan 2013 13:21:36 +0000 http://www.rhyous.com/?p=5259#comment-55086 I'd not even say deprecated, but insecure. Salting is not enough to make it hard enough for an attacker to recover the password. PBKDF2 and bcrypt make it way harder, and they can both scale with the improvements in computing power, as the number of rounds is configurable and can be increased.

]]> By: Rhyous http://www.rhyous.com/2012/06/18/how-to-effectively-salt-a-password-stored-as-a-hash-in-a-database/#comment-54524 Rhyous Thu, 17 Jan 2013 16:33:41 +0000 http://www.rhyous.com/?p=5259#comment-54524 js,

Are you saying salting is now deprecated in favor of PBKDF2? I will have to read about it.

]]> By: js http://www.rhyous.com/2012/06/18/how-to-effectively-salt-a-password-stored-as-a-hash-in-a-database/#comment-54482 js Thu, 17 Jan 2013 00:17:05 +0000 http://www.rhyous.com/?p=5259#comment-54482 This is a bad idea, as salting is not enough. Please read about PBKDF2 or bcrypt to see how to do it right.

]]> By: Joshua http://www.rhyous.com/2012/06/18/how-to-effectively-salt-a-password-stored-as-a-hash-in-a-database/#comment-29486 Joshua Fri, 29 Jun 2012 17:46:28 +0000 http://www.rhyous.com/?p=5259#comment-29486 Excellent post. Keep up the great work!

]]> By: Rhyous http://www.rhyous.com/2012/06/18/how-to-effectively-salt-a-password-stored-as-a-hash-in-a-database/#comment-29012 Rhyous Wed, 20 Jun 2012 19:56:43 +0000 http://www.rhyous.com/?p=5259#comment-29012 Also, see http://CrackStation.net/hashing-security.htm#salt

]]>