saltedhash

What exactly is a rainbow attack?

I was reading a few articles on salts and password hashes and a few people were mentioning rainbow attacks. What exactly is a rainbow attack and what are the best methods to prevent it? ...

What is the purpose of the "salt" when hashing?

Ok, I’m trying to understand the reason to use salt. When a user registers I generate a unique salt for him/her that I store in DB. Then I hash it and the password with SHA1. And when he/she is logging in I re-hash it with sha1($salt.$password). But if someone hacks my database he can see the hashed password AND the salt. Is that hard...

Do I need to Salt and Hash a randomly generated token?

I'm using Adam Griffiths's Authentication Library for CodeIgniter and I'm tweaking the usermodel. I came across a generate function that he uses to generate tokens. His preferred approach is to reference a value from random.org but I considered that superfluous. I'm using his fallback approach of randomly generating a 20 character lo...

Help needed in grokking password hashes and salts

I've read a number of SO questions on this topic, but grokking the applied practice of storing a salted hash of a password eludes me. Let's start with some ground rules: a password, "foobar12" (we are not discussing the strength of the password); a language, Java 1.6 for this discussion; a database, postgreSQL, MySQL, SQL Server, Oracl...

Hashing in SHA512 using a salt? - Python

Hi folks, I have been looking through the hashlib documentation but haven't found anything talking about using salt when hashing data. Help would be great. ...

Salting passwords 101

Could someone please help me understand how salting works? So far I understand the following: Validate password; Generate a random string; Hash the password and the random string and concat them, then store them in the password field... How do we store the salt, or know what it is when a user logs in? Do we store it in its own field? ...