DEV Community

Discussion on: Explain Hashing + salting Like I'm Five

Yasser A • Edited

Normally you store the password and salt together in your db.

    import os, hashlib

    def hash_func(password: str) -> None:
        salt = os.urandom(16).hex()                      # fresh random salt for this password
        hashed = hashlib.sha256((password + salt).encode()).hexdigest()
        store_in_db(hashed + ":" + salt)                 # hash and salt stored together (store_in_db is your db layer)

This way each password has a different salt, and they are stored in your db.
For checking:

    import hashlib

    def check_pass(user_id: str, password: str) -> bool:
        stored_hash, salt = retrieve_from_db(user_id).split(":")   # record is "hash:salt"
        is_correct_pass = hashlib.sha256((password + salt).encode()).hexdigest() == stored_hash
        return is_correct_pass

Remember the main reason for having a salt is to prevent the hacker from using rainbow tables. So it’s totally fine to store them as plain text in the db, because the hacker will have to generate a whole new rainbow table for each password to be able to check against them, which is near impossible with current CPU capabilities.
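The register/check flow from the comment above as a complete, runnable example (added here, not code from the original reply). An in-memory dict stands in for the database calls, and the last function demonstrates the rainbow-table point: two users with the same password get different stored hashes. The user ids and passwords are constructed sample values.

```python
import os
import hashlib
import hmac

# Constructed in-memory "database": user id -> "hash:salt". It stands in for the
# storeInDB / retriveFromDB calls in the comment above.
USER_DB = {}


def make_record(password: str, salt: str) -> str:
    """Hash password+salt as the comment describes and pack the result as 'hash:salt'."""
    digest = hashlib.sha256((password + salt).encode("utf-8")).hexdigest()
    return digest + ":" + salt


def register(user_id: str, password: str) -> str:
    """Generate a fresh random salt for this user and store hash and salt together."""
    salt = os.urandom(16).hex()  # 16 random bytes, hex-encoded so it fits in a text column
    USER_DB[user_id] = make_record(password, salt)
    return USER_DB[user_id]


def check_pass(user_id: str, password: str) -> bool:
    """Re-hash the supplied password with the stored salt and compare to the stored hash."""
    record = USER_DB.get(user_id)
    if record is None:
        return False  # unknown user: fail closed rather than raise
    stored_hash, salt = record.split(":", 1)
    candidate = hashlib.sha256((password + salt).encode("utf-8")).hexdigest()
    # compare_digest does not stop at the first differing byte, so timing reveals nothing
    return hmac.compare_digest(candidate, stored_hash)


def same_password_distinct_records(password: str) -> bool:
    """Why a per-user salt defeats a precomputed table: two users sharing a password
    end up with different stored hashes, so one lookup table cannot cover both."""
    hash_a = register("alice", password).split(":")[0]
    hash_b = register("bob", password).split(":")[0]
    return hash_a != hash_b


if __name__ == "__main__":
    register("carol", "correct horse battery staple")
    print(check_pass("carol", "correct horse battery staple"))  # True
    print(check_pass("carol", "wrong password"))                # False
    print(same_password_distinct_records("hunter2"))            # True
```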

Andre Vasconcelos

Thank you for the detailed response, I think I understand the gist of it a lot better now :)