- Jul 25, 2012
- 235
- 1
- 19,115
I keep reading about hashing and the use of salts, and it makes sense to me as far as the end result is concerned - add entropy to a hash so that it is not easily crackable or guessable.
That said, the one hiccup I keep encountering, is algorithms are fixed states of instructions that can be executed to achieve a uniform result - so if a salt is randomized and added to a hash either retro-or-actively, how is it that a website can then retrieve this result from its databases, since the user's password, when entered, supposing it followed a salt+hash as well would have randomized data that would not resolve to the original hash....
Or do I misunderstand?
That said, the one hiccup I keep encountering, is algorithms are fixed states of instructions that can be executed to achieve a uniform result - so if a salt is randomized and added to a hash either retro-or-actively, how is it that a website can then retrieve this result from its databases, since the user's password, when entered, supposing it followed a salt+hash as well would have randomized data that would not resolve to the original hash....
Or do I misunderstand?
/arstechnica.com/security/2012/08/passwords-under-assault/
Facebook
Twitter