E
Edgar Sánchez
Reviewing the code in "Building Secure Microsoft ASP.NET Applications" for
hashing passwords with salt, I see that the salt is stored in the same table
as the hashed password. The idea of using salt is to make a dictionary
attack harder but if we store the salt close to the hashed password then the
attacker can attach the salt to the dictionary passwords and go on with
his/her attack. For what I understood of the salting technique, the salt
should be saved somewhere else, is this right or I am missing something?
hashing passwords with salt, I see that the salt is stored in the same table
as the hashed password. The idea of using salt is to make a dictionary
attack harder but if we store the salt close to the hashed password then the
attacker can attach the salt to the dictionary passwords and go on with
his/her attack. For what I understood of the salting technique, the salt
should be saved somewhere else, is this right or I am missing something?