re: BxJS Weekly Episode 65 - javascript news podcast

re: Just saying -- storing the salt alongside the hash is very common. It's used just about everywhere (/etc/shadow, bcrypt in general…). The alternat...
 

But if your DB is leaked - wouldn't that make decrypting passwords easier? 🤔
Having one common salt that's not in the DB would mean that an attacker, upon acquiring that DB, would have to first figure out what that salt was.
Or am I just misunderstanding something here? 🤔

Edit: Just did some googling, and apparently I totally confused salt with encryption keys used in a different set of algos all this time. I am a bit of an idiot 🤦‍♂️

 

Yeah. Main difference is between initialization vector/key (you keep the initialization vector and remember the key) and a randomness adder (salt). A salt and an IV are similar, in that they introduce uniqueness into places where there might not be any otherwise.
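
The salt-stored-alongside-the-hash pattern discussed in this thread, as an added example that is not part of the original comments: each password gets its own random salt, kept in the same record as the hash, so identical passwords produce different records and each one has to be guessed separately. The function names, the `scrypt$salt$hash` record layout and the sample password are assumptions made for the illustration; the calls are Node's built-in `crypto` module.

```javascript
const crypto = require('node:crypto');

const KEYLEN = 32; // derived hash length in bytes (assumed for this example)

// Build the string that would be stored in the DB: "scrypt$<salt hex>$<hash hex>".
// The salt is random per password and is not a secret.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, KEYLEN);
  return `scrypt$${salt.toString('hex')}$${hash.toString('hex')}`;
}

// Re-derive the hash using the salt read back from the record and compare.
function verifyPassword(password, record) {
  const parts = record.split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
  const salt = Buffer.from(parts[1], 'hex');
  const expected = Buffer.from(parts[2], 'hex');
  // Reject malformed records before timingSafeEqual, which throws on unequal lengths.
  if (salt.length === 0 || expected.length !== KEYLEN) return false;
  const actual = crypto.scryptSync(password, salt, KEYLEN);
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample: two accounts that picked the same password.
function demo() {
  const a = hashPassword('correct horse');
  const b = hashPassword('correct horse');
  return {
    recordsDiffer: a !== b,                          // unique salts, unique records
    rightPassword: verifyPassword('correct horse', a),
    wrongPassword: verifyPassword('Correct horse', b),
    malformed: verifyPassword('correct horse', 'scrypt$zz$00'),
  };
}

console.log(demo());
```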
