in reply to Re: How to use salt with CGI::Application::Plugin::Authentication
in thread How to use salt with CGI::Application::Plugin::Authentication

Different passwords can result in the same MD5 hash. The purpose of the salt is to prevent users from abusing this (i.e. logging in with a different password that happens to hash to the same value). Which means the user should not know what the salt is since that makes the salt pointless. Your notion about what the salt is above (#3) is wrong. Agree with scorpio17 that normally the salt and the encrypted password are stored together. Would be interested in knowing the reason why they are separated.

Elda Taluta; Sarks Sark; Ark Arks

Re^3: How to use salt with CGI::Application::Plugin::Authentication
by Anonymous Monk on May 11, 2011 at 23:49 UTC
    Please see my response to Scorpio17.

    The separate salt is mostly for Admin use. It will make sure that there is not any repeated use of the same salt string.
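
An added example, not code from any poster in this thread and not the CGI::Application::Plugin::Authentication API: it shows a per-password random salt stored in the same field as the hash, so that two accounts with the same password get different records. It uses PBKDF2-HMAC-SHA256 built from core modules instead of the MD5 mentioned above; the function names, the record layout and the iteration count are assumptions, and it reads /dev/urandom, so it assumes a Unix-like system.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
use MIME::Base64 qw(encode_base64 decode_base64);

my $ITER = 100_000;    # assumed work factor, not a value from the thread

sub new_salt {         # 16 fresh random bytes each time a password is set
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $salt, 16) == 16 or die "short read";
    return $salt;
}

sub pbkdf2_sha256 {    # PBKDF2-HMAC-SHA256, first 32-byte block only
    my ($pw, $salt, $iter) = @_;
    my $t = my $u = hmac_sha256($salt . pack('N', 1), $pw);
    for (2 .. $iter) {
        $u = hmac_sha256($u, $pw);
        $t ^= $u;
    }
    return $t;
}

sub make_record {      # one column holds iterations$salt$hash
    my ($pw) = @_;
    my $salt = new_salt();
    return join '$', $ITER, map { encode_base64($_, '') }
        $salt, pbkdf2_sha256($pw, $salt, $ITER);
}

sub check_password {
    my ($pw, $record) = @_;
    my ($iter, $salt, $hash) = split /\$/, $record;
    return 0 unless defined $hash && $iter =~ /^[1-9]\d{0,6}$/;
    my $want = decode_base64($hash);
    my $got  = pbkdf2_sha256($pw, decode_base64($salt), $iter);
    return 0 unless length($got) == length($want);
    my $diff = 0;      # accumulate differences, no early exit
    $diff |= ord($_) for split //, $got ^ $want;
    return $diff == 0 ? 1 : 0;
}

# Constructed demo: two accounts that chose the same password.
my ($alice, $bob) = map { make_record('correct horse') } 1 .. 2;
print "alice: $alice\nbob:   $bob\n";
print "records differ: ", ($alice ne $bob ? 'yes' : 'no'), "\n";
print "right password accepted: ", check_password('correct horse', $alice), "\n";
print "wrong password accepted: ", check_password('battery staple', $alice), "\n";
```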