Hello,

Can you please tell me what is the best way to salt a password? Which method is best?

Thank you.

+3  A: 

It doesn't really matter how you do it. It's just a way to get different hashes for the same password.

If you think you need 256 hashes for every password, use one byte of salt. If you want 4bn hashes for every password, use 4 bytes of salt.

These kinds of trade-offs need much more information about the problem domain than you've given us.

Assume that the salt is publicly visible, so you don't need to worry about fancy un-guessable techniques for predicting it - any old PRNG will do.

Will Dean
+1  A: 

A salt is just applying some mutation to your raw password before applying a hash (or encryption I guess) so that a rainbow table attack is more difficult. It can be as simple as:

md5("saltstring" + password);
Graphain