BxJS Weekly Episode 65 - javascript news podcast

Tim Ermilov (yamalight)

Hey dev.to community!

BxJS Weekly Episode 65 is now out! 🚀
Listen to the best JavaScript news of the week in podcast form right here.

Here are all the mentioned links (also found on GitHub):

Getting started:

Articles & News:

Tips, tricks & bit-sized awesomeness:

Releases:

Libs & demos:

Interesting & silly stuff:

Any feedback is appreciated

Additional stuff:

Social media links:

If you enjoy my content, please consider supporting me 😉

Discussion

ZaneHannanAU

Just saying -- storing the salt alongside the hash is very common. It's used just about everywhere (/etc/shadow, bcrypt in general…).

The alternative is: how are you to be able to log in? If the salt isn't stored, then the hash becomes useless. If it is stored, but is constant across the database; then what point does the salt have? It would be a problem were it sha1 or similar, but it isn't.

Other than that… argon2 is quite strong so far at least.

Tim Ermilov Author

But if your DB is leaked - wouldn't that make decrypting passwords easier? 🤔
Having one common salt that's not in the DB would mean that an attacker, upon acquiring that DB, would have to first figure out what that salt was.
Or am I just misunderstanding something here? 🤔

Edit: Just did some googling, and apparently I totally confused salt with encryption keys used in a different set of algos all this time. I am a bit of an idiot 🤦‍♂️

ZaneHannanAU

Yeah. The main difference is between an initialization vector/key (you keep the initialization vector and remember the key) and a randomness adder (salt). A salt and an IV are similar, in that they introduce uniqueness into places where there might not be any otherwise.
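
The point discussed in this thread, a random per-password salt stored next to the hash so that login can recompute it, shown as an added example that is not part of the original comments. It uses Node's built-in scrypt in place of argon2 (which is not in Node's standard library); the record format and function names are assumptions made for illustration.

```javascript
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

const KEY_LEN = 32; // bytes of derived hash kept in each record

// Hash with an explicit salt. The record layout "scrypt$<salt hex>$<hash hex>"
// is constructed for this example; the salt is stored in the clear beside the hash.
function hashWithSalt(password, salt) {
  const hash = scryptSync(password, salt, KEY_LEN);
  return `scrypt$${salt.toString('hex')}$${hash.toString('hex')}`;
}

// Normal path: a fresh 16-byte random salt for every password.
function hashPassword(password) {
  return hashWithSalt(password, randomBytes(16));
}

// Login: read the salt back out of the stored record, recompute the hash,
// and compare in constant time. Malformed records are rejected.
function verifyPassword(password, record) {
  const [scheme, saltHex, hashHex] = record.split('$');
  if (scheme !== 'scrypt' || !saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, 'hex');
  if (expected.length !== KEY_LEN) return false;
  const actual = scryptSync(password, Buffer.from(saltHex, 'hex'), KEY_LEN);
  return timingSafeEqual(actual, expected);
}

// Constructed sample: two users who picked the same password.
function demo() {
  const pw = 'correct horse battery staple';
  const alice = hashPassword(pw);
  const bob = hashPassword(pw);
  // One constant salt for the whole database: equal passwords give equal records.
  const fixed = Buffer.from('00112233445566778899aabbccddeeff', 'hex');
  return {
    perUserDiffer: alice !== bob,
    constantSaltCollides: hashWithSalt(pw, fixed) === hashWithSalt(pw, fixed),
    goodLogin: verifyPassword(pw, alice),
    badLogin: verifyPassword('wrong guess', alice),
  };
}
```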