[Owasp-codereview] Adding Salt?

Zaki Akhmad zakiakhmad at gmail.com
Tue Mar 3 06:10:18 EST 2009


Hello,

I don't understand[1] how we compare the hash result from the password
(after it has been concatenated with the salt) with the hash value. Doesn't
the user have to enter the "salt value" after he/she enters the
password in order to get the same hash value?

Illustration:
password: abcde
salt: 01
hash (password+salt) = qwertyqwerty

But the user never enters the "salt value". CMIIW.

-- 
Zaki Akhmad
[1]http://www.owasp.org/index.php/Hashing_Java#Why_add_salt_.3F
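
How the comparison asked about above works in practice, as an added example that is not part of the original post: the server generates the salt at registration, stores it next to the hash, and reads it back at login, so the user only ever types the password. The class name, the in-memory USERS map, the user name, the iteration count and the use of PBKDF2 (in place of the plain hash(password+salt) from the illustration) are assumptions of this sketch.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltedLoginDemo {
    // Hypothetical stand-in for the credentials table: one row per user,
    // holding the salt AND the hash. The salt is not a secret.
    static final class Row {
        final byte[] salt, hash;
        Row(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }
    static final Map<String, Row> USERS = new HashMap<>();
    static final int ITERATIONS = 100_000; // constructed value for the demo

    // Salted, iterated hash (PBKDF2 is an assumption, not the post's scheme).
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Registration: the server picks a random salt; the user never sees it.
    static void register(String user, char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        USERS.put(user, new Row(salt, hash(password, salt)));
    }

    // Login: the server looks up the stored salt for this user, recomputes
    // the hash from the typed password, and compares in constant time.
    static boolean login(String user, char[] password) throws Exception {
        Row row = USERS.get(user);
        if (row == null) return false;
        return MessageDigest.isEqual(row.hash, hash(password, row.salt));
    }

    public static void main(String[] args) throws Exception {
        register("alice", "abcde".toCharArray());   // constructed sample data
        System.out.println(login("alice", "abcde".toCharArray()));
        System.out.println(login("alice", "abcdf".toCharArray()));
    }
}
```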

