DEV Community

Play Button Pause Button
Tim Ermilov
Tim Ermilov

Posted on

BxJS Weekly Episode 65 - javascript news podcast

Hey dev.to community!

BxJS Weekly Episode 65 is now out! 🚀
Listen to the best javascript news of the week in a podcast form right here.

Here's all the mentioned links (also found on github):

Getting started:

Articles & News:

Tips, tricks & bit-sized awesomeness:

Releases:

Libs & demos:

Interesting & silly stuff:

Any feedback is appreciated 😁

Additional stuff:

Social media links:

If you enjoy my content, please consider supporting me 😉

Top comments (3)

Collapse
 
zanehannanau profile image
ZaneHannanAU

Just saying -- storing the salt alongside the hash is very common. It's used just about everywhere (/etc/shadow, bcrypt in general…).

The alternative is: how are you to be able to log in? If the salt isn't stored, then the hash becomes useless. If it is stored, but is constant across the database; then what point does the salt have? It would be a problem were it sha1 or similar, but it isn't.

Other than that… argon2 is quite strong so far at least.

Collapse
 
yamalight profile image
Tim Ermilov • Edited

But if your DB is leaked - wouldn't that make decrypting password easier? 🤔
Having one common salt that's not in DB would mean that attacked upon acquiring that DB would have to first figure out what that salt was.
Or am I just misunderstanding something here? 🤔

Edit: Just did some googling, and apparently I totally confused salt with encryption keys used in a different set of algos all this time. I am a bit of an idiot 🤦‍♂️

Collapse
 
zanehannanau profile image
ZaneHannanAU

Yeah. Main difference is between initialization vector/key (you keep the initialization vector and remember the key) and a randomness adder (salt). A salt and an IV are similar, in that they introduce uniqueness into place there might not be otherwise.