
I think in that case he's referring to having a global salt instead of a unique salt for every password, in which case he's right. However, that's kind of a silly statement because the example web framework that he was using doesn't just have some global salt and nothing else.



A global salt is not a salt.

The term people are using for a secret is pepper.

H(pepper | salt | password) type of thing.


Nice, but I'm also disappointed :-)

My term is vinegar which is IMHO better!
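The distinction drawn in the thread above (one global salt versus a unique salt per password, plus a secret pepper), as an added example that is not part of any comment. PBKDF2 and HMAC-SHA256 stand in for `H` here as assumptions, and all constants and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

GLOBAL_SALT = b"constructed-global-salt"  # constructed: the same value for every user
PEPPER = b"constructed-demo-pepper"       # constructed: a secret kept outside the database
ITERATIONS = 100_000                      # illustrative work factor


def hash_global_salt(password):
    """One shared 'salt': equal passwords always produce equal hashes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), GLOBAL_SALT, ITERATIONS)


def hash_password(password, pepper=PEPPER, salt=None):
    """Per-password random salt plus secret pepper; returns (salt, digest) to store."""
    if salt is None:
        salt = os.urandom(16)
    # Mix the pepper in as an HMAC key instead of raw concatenation,
    # then stretch the result with the per-password salt.
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    return salt, hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)


def verify_password(password, salt, stored, pepper=PEPPER):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, pepper, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    # Two users who picked the same password.
    print(hash_global_salt("hunter2") == hash_global_salt("hunter2"))  # identical rows
    salt_a, hash_a = hash_password("hunter2")
    salt_b, hash_b = hash_password("hunter2")
    print(hash_a == hash_b)                                            # distinct rows
    print(verify_password("hunter2", salt_a, hash_a))
```

With only the global value, one precomputed table covers every row in a leaked database; with per-password salts each row has to be attacked separately, and without the pepper the stored digests cannot be checked at all.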



