[Labs-l] salt in labs?
Ryan Lane
rlane32 at gmail.com
Sun Mar 17 01:45:03 UTC 2013
On Sat, Mar 16, 2013 at 6:37 PM, Thomas Gries <mail at tgries.de> wrote:
> Am 17.03.2013 01:46, schrieb Jeremy Baron:
>
> On Mar 16, 2013 7:18 PM, "Thomas Gries" <mail at tgries.de> wrote:
> > Why not salt-per-user ?
>
> I'm not sure what you mean.
>
>
> It is much safer to add have different salt per user.
> http://crackstation.net/hashing-security.htm
>
> section The RIGHT Way: How to Hash Properly
> ...
> The salt needs to be unique per-user per-password. Every time a user
> creates an account or changes their password, the password should be hashed
> using a new random salt. Never reuse a salt. The salt also needs to be
> long, so that there are many possible salts. As a rule of thumb, make your
> salt is at least as long as the hash function's output. The salt should be
> stored in the user account table alongside the hash.
>
>
We're talking about salt stack, which is a remote execution and
configuration management framework. We're not talking about cryptography.
- Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wikimedia.org/pipermail/labs-l/attachments/20130316/b54ec84e/attachment.html>
More information about the Labs-l
mailing list