11-17-2007, 12:15 AM
The Addict
Join Date: Nov 2007
Posts: 282
Thanks: 61
What's wrong with storing your salt in DB?
Apparently if you store your salt in db the cracker has more chance of cracking passwords. Then again, if they can get a hold of your db then they have access to cpanel, right? Then they have access to your files, and if you didn't store salts in db but in the files, what makes it so they just won't use the salt from the file, which would take a shorter time to crack passwords, if they get your hashed pw's from your db, than when you have a whole bunch of random salts, where the cracker would take forever to crack the hashes? What makes this safe anyways? Either way there's no real way to hash your passwords to make them safe. Like "Pro PHP Security" said, "nothing on the internet is un-vulnerable".
__________________
PHP/XHTML Freelancer:
Cleanscript.com v3 - Programming starting at just $5 act now!
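The comparison the post raises (one salt kept in a file versus a random salt per user stored in the DB row), worked through as an added example that is not part of the original post. It assumes the table and every salt are already known, and counts the hash computations needed to test a wordlist against each account; the user names, passwords, wordlist, `b"file-salt"` and the PBKDF2 iteration count are constructed for the demonstration.

```python
import hashlib, hmac, os

ITERATIONS = 1000  # low so the demo is fast; production values are far higher

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def build_db(users, shared_salt=None):
    # shared_salt models one salt kept in a file; None gives every user a
    # fresh random salt stored in the same row as the hash.
    db = {}
    for user, pw in users.items():
        salt = shared_salt if shared_salt is not None else os.urandom(16)
        db[user] = (salt, hash_pw(pw, salt))
    return db

def verify(db, user, password):
    salt, stored = db[user]
    return hmac.compare_digest(stored, hash_pw(password, salt))

def same_hash_groups(db):
    # Users whose stored hashes are identical: visible to anyone holding the table.
    groups = {}
    for user, (_, h) in db.items():
        groups.setdefault(h, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def audit_cost(db, wordlist):
    # Hash computations needed to test each word against each account when
    # every salt is known. Work is reused for accounts that share a salt.
    cache, weak = {}, set()
    for user, (salt, stored) in db.items():
        for word in wordlist:
            if (salt, word) not in cache:
                cache[(salt, word)] = hash_pw(word, salt)
            if hmac.compare_digest(cache[(salt, word)], stored):
                weak.add(user)
    return len(cache), sorted(weak)

# Constructed sample data (not from the original post)
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse battery"}
WORDLIST = ["123456", "hunter2", "letmein"]

if __name__ == "__main__":
    for label, db in (("shared", build_db(USERS, b"file-salt")),
                      ("per-user", build_db(USERS))):
        print(label, audit_cost(db, WORDLIST), same_hash_groups(db))
```

With the shared salt, one pass over the wordlist covers every account and identical passwords show up as identical hashes; with per-user salts the same wordlist has to be rehashed for each account, even though every salt sits in the table next to its hash.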