[Labs-l] salt in labs?

Krenair krenair at gmail.com
Sun Mar 17 01:41:45 UTC 2013


Oh, he thinks this is about passwords... Thomas, please see
http://saltstack.com


Alex Monk

On 17/03/13 01:37, Thomas Gries wrote:
> On 17.03.2013 01:46, Jeremy Baron wrote:
>>
>> On Mar 16, 2013 7:18 PM, "Thomas Gries" <mail at tgries.de> wrote:
>> > Why not salt-per-user ?
>>
>> I'm not sure what you mean.
>>
>
> It is much safer to have a different salt per user.
> http://crackstation.net/hashing-security.htm
>
> section The RIGHT Way: How to Hash Properly
> ...
> The salt needs to be unique per-user per-password. Every time a user 
> creates an account or changes their password, the password should be 
> hashed using a new random salt. Never reuse a salt. The salt also 
> needs to be long, so that there are many possible salts. As a rule of 
> thumb, make your salt at least as long as the hash function's
> output. The salt should be stored in the user account table alongside 
> the hash.
>
>
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l
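
The per-user, per-password salting rule quoted above from the crackstation.net page (password salts, not SaltStack), shown as an added example that is not part of this thread or of the quoted page. PBKDF2-HMAC-SHA256, the iteration count, the in-memory `accounts` dict and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

HASH_NAME = "sha256"
# Rule of thumb from the quoted text: salt at least as long as the hash output.
SALT_LEN = hashlib.new(HASH_NAME).digest_size  # 32 bytes for SHA-256
ITERATIONS = 200_000  # assumed work factor; tune for your hardware

# Constructed stand-in for the user account table: username -> (salt, hash).
accounts = {}


def derive(password, salt):
    """Slow, salted hash of the password (PBKDF2 is an assumed choice)."""
    return hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, ITERATIONS)


def set_password(username, password):
    """Call on account creation AND on every password change."""
    salt = secrets.token_bytes(SALT_LEN)  # fresh CSPRNG salt, never reused
    # The salt is not secret: store it alongside the hash.
    accounts[username] = (salt, derive(password, salt))


def verify_password(username, password):
    record = accounts.get(username)
    if record is None:
        # Unknown user: do the same work so timing does not reveal
        # whether the account exists.
        derive(password, b"\x00" * SALT_LEN)
        return False
    salt, stored = record
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(stored, derive(password, salt))


if __name__ == "__main__":
    set_password("alice", "correct horse")
    set_password("bob", "correct horse")  # same password, different salt
    print("hashes differ:", accounts["alice"][1] != accounts["bob"][1])
    print("alice ok:", verify_password("alice", "correct horse"))
    print("alice wrong:", verify_password("alice", "battery staple"))
```

Because each record gets its own salt, two users with the same password have unrelated hashes, so one precomputed table or one cracked hash does not carry over to other accounts.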
