If modern hash algorithms use salts, how are hashed passwords compared to check a correct result?

I’ve used hashing algorithms back in my PHP days using bcrypt, which has a function to compare an entered password on the login form, to the hash stored in the database, but if the salt is random each time, how can the hash be checked?

4 Answers

Anonymous 0 Comments

The salt isn’t “random each time” in most systems. A random salt is randomly chosen when the password is set, and stored with the hash. “Entered password” + “stored salt” is the input to the hash function. Salt is prevention against dictionary attacks where evildoers have hashed oodles of common passwords beforehand, and are just checking for a hash answer that matches something in their table.

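The store-then-recompute flow the answer describes, as an added example that is not part of the original thread. It uses PBKDF2-HMAC-SHA256 from the Python standard library in place of the bcrypt mentioned in the question; the record layout, iteration count and function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"   # assumed label for this example's record format
ITERATIONS = 600_000       # assumed work factor; tune for your hardware


def hash_password(password: str) -> str:
    """Run once, when the password is set: pick a fresh random salt and
    store it next to the digest in a single record."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([
        SCHEME,
        str(ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Run at login: read the salt back out of the stored record, recompute
    the digest from the entered password, and compare in constant time."""
    try:
        scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        if scheme != SCHEME:
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        # Malformed or truncated record: treat as a failed login.
        return False
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(verify_password("wrong guess", record))
```

Two users with the same password get different records because each record carries its own salt, which is what defeats a precomputed table.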