[Owasp-codereview] Adding Salt?

Zaki Akhmad zakiakhmad at gmail.com
Tue Mar 3 06:10:18 EST 2009


I don't understand[1] how we compare the hash result from the password
(after it has been concatenated with the salt) with the hash value. Wouldn't
the user have to enter the "salt value" after he/she enters the
password in order to get the same hash value?

password: abcde
salt: 01
hash (password+salt) = qwertyqwerty

But the user never enters the "salt value". CMIIW.

Zaki Akhmad
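
How the comparison can work without the user ever typing the salt, as an added example that is not part of the original post: the server generates the salt at registration, stores it next to the hash, and reads it back at login. The names `USER_DB`, `derive`, `register` and `verify`, the use of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000          # assumed work factor, tune for your hardware
DUMMY_SALT = b"\x00" * 16     # used only to keep timing uniform for unknown users

# Constructed stand-in for the server's user table: username -> (salt, hash).
# The salt is not secret; it is stored in the clear beside the hash.
USER_DB = {}


def derive(password: str, salt: bytes) -> bytes:
    """Hash the password together with the salt using a slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str) -> None:
    """Server side: pick a fresh random salt and store (salt, hash)."""
    salt = os.urandom(16)
    USER_DB[username] = (salt, derive(password, salt))


def verify(username: str, password: str) -> bool:
    """Server side: the user sends only the password; the salt comes from storage."""
    record = USER_DB.get(username)
    if record is None:
        # Do the same amount of work so the response time does not reveal
        # whether the account exists.
        derive(password, DUMMY_SALT)
        return False
    salt, stored_hash = record
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(stored_hash, derive(password, salt))


if __name__ == "__main__":
    register("alice", "abcde")   # constructed sample accounts
    register("bob", "abcde")     # same password, different salt
    print(verify("alice", "abcde"), verify("alice", "abcdf"))
    print(USER_DB["alice"][1] != USER_DB["bob"][1])
```

Because each account gets its own random salt, two users with the same password end up with different stored hashes, which is what defeats precomputed hash tables.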

