I’ve used hashing algorithms back in my PHP days using bcrypt, which has a function to compare an entered password on the login form, to the hash stored in the database, but if the salt is random each time, how can the hash be checked?
You store the salt along with the hashed value. The salt doesn’t need to be kept secret — its job is to just reduce dictionary or password reuse based attacks against the hashed passwords.
Latest Answers