DEV Community

ADEKOLA Abdwahab

Password Security:Dynamic Salt

It is good to salt your password (even with a static salt).

It is good to hash your salted password.

But these methods alone are not so difficult for attackers to breach.

To add an extra layer of security, the principle of DYNAMIC SALTING emerged.

Dynamic salting is the act of using different salt for different users. These salts are generated newly each time a password has to be saved, whether through a password reset or new signup.

How can you implement DYNAMIC SALT/SALTING as a developer?

Here are 5 simple steps each, for signup and for authentication, to achieve strong password security via dynamic salting:

A. For new signup

  1. get the user's password (e.g. myP@$swaRd)
  2. generate a new salt (e.g. 8jdn*nY4rg^s@1)
  3. salt the password to give 8jdn*nY4rg^s@1myP@$swaRd (you can put the password first; the order does not matter).
  4. then hash the salted password, to give something like c150eb6c1b776f390be60a0a5933a2a2f8c0a0ce766ed92fea5bfd9313c8f
  5. save the hash to the DB, and also save the salt in this user's record.

B. To authenticate (confirm) a user

  1. get the email and password a user is trying to log in with
  2. use the email to retrieve the salt from the DB
  3. use the retrieved salt to salt the entered password.
  4. using the same formula you used when creating the password as a new user, hash the result of step 3
  5. compare the result of step 4 with the hash you saved for this user in step A.5
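Both parts of the procedure above, as an added example that is not part of the original post. It mirrors the page's "prepend salt, then hash" step with SHA-256 and adds two things a practitioner would want: a constant-time comparison in step B.5, and a demonstration that two users with the same password get different hashes. The in-memory `DB` dict, the email addresses and the `reset_password` helper are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the users table: email -> {"salt": ..., "hash": ...}
DB: dict[str, dict[str, str]] = {}


def hash_with_salt(salt: str, password: str) -> str:
    """Steps A.3 and A.4: prepend the salt, then hash.
    The post uses a plain hash; a production system should swap in a slow
    password hash (e.g. hashlib.pbkdf2_hmac) while keeping the same structure."""
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


def register(email: str, password: str) -> dict[str, str]:
    """Part A: new signup (or password reset) with a freshly generated salt."""
    salt = secrets.token_urlsafe(16)                 # A.2: new random salt per save
    record = {"salt": salt, "hash": hash_with_salt(salt, password)}
    DB[email] = record                                # A.5: store hash and salt together
    return record


def reset_password(email: str, new_password: str) -> dict[str, str]:
    """A reset saves the password again, so it also gets a brand-new salt."""
    return register(email, new_password)


def authenticate(email: str, password: str) -> bool:
    """Part B: recompute with the stored salt and compare against the stored hash."""
    record = DB.get(email)
    if record is None:
        hash_with_salt("", password)   # unknown email: keep timing similar to the normal path
        return False
    candidate = hash_with_salt(record["salt"], password)   # B.3 and B.4
    # B.5: constant-time comparison so the check does not leak how many bytes matched
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample accounts, not real data
    a = register("alice@example.com", "myP@$swaRd")
    b = register("bob@example.com", "myP@$swaRd")
    print("same password, different hashes:", a["hash"] != b["hash"])
    print("correct password accepted:", authenticate("alice@example.com", "myP@$swaRd"))
    print("wrong password rejected:", not authenticate("alice@example.com", "wrong"))
```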

Voila!!

Follow and tweet @wahabind
