jankeir
Guest
I think you misunderstood. The salt is what is combined with the password before the hashing, not the result. In your example it would be the 'generic part'. Also, you don't want it to be generic, you want it to be different for each user. You store the salt per user and the result of the hash of pw combined with salt. The idea is that if someone steals your database they have to do a brute force against every single password, not just a single brute force that gives all passwords in the database. There are some details here: crackstation.net/hashing-security.htm
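The scheme the post describes, next to the shared "generic part" it argues against, as an added example that is not part of the original post. PBKDF2-HMAC-SHA256, the iteration count, the 16-byte salt, the function names and the sample users are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor, not taken from the post


def generic_hash(password: str, generic_part: str = "site-wide") -> bytes:
    """The misunderstood scheme: one shared 'generic part' for every user."""
    return hashlib.sha256((generic_part + password).encode()).digest()


def new_record(password: str) -> dict:
    """Per-user scheme: a fresh random salt is stored beside the resulting hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(record: dict, attempt: str) -> bool:
    """Recompute with the user's stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(digest, record["hash"])


def distinct_hashes(hashes) -> int:
    """How many separate targets someone holding the table has to work on."""
    return len(set(hashes))


# Constructed sample users; alice and carol chose the same password.
USERS = {"alice": "hunter2", "bob": "correct horse", "carol": "hunter2"}
GENERIC_DB = {user: generic_hash(pw) for user, pw in USERS.items()}
SALTED_DB = {user: new_record(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    # Shared generic part: equal passwords collapse into one hash.
    print("generic part :", distinct_hashes(GENERIC_DB.values()), "distinct hashes")
    # Per-user salt: every row is its own brute-force job.
    print("per-user salt:",
          distinct_hashes(r["hash"] for r in SALTED_DB.values()), "distinct hashes")
    print("alice login  :", verify(SALTED_DB["alice"], "hunter2"))
```

With the shared generic part, alice and carol end up with the same stored value, so one guess settles both rows; with per-user salts each row has to be attacked on its own.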