in reply to Re^4: SaltedDigest Salt?
in thread SaltedDigest Salt?

apart from that ^^ mad idea,

I certainly wouldn't use that idea.

if you were implementing it. Would you store randomly generated salt in the database or just settle on one secret salt (that will need to be visible in the code)?

I would write a small C program that has the secret salt embedded in it, encrypted. When run, it would check that its parent was the webserver (or whatever other process is doing the authentication), and that its stdout is connected to a pipe. It would then decrypt the salt and write it to stdout. I'd make sure that the source code was not available on the server.

I'd also ensure that the authenticating program combined the userid + passphrase + salt to generate the hash.

Note: This is not a recommendation! Just what I would do for a non-critical application.


With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

The start of some sanity?
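The salt-provider described above, sketched as an added example (this is not the poster's code, and nothing in the thread supplies one). It assumes Linux, because the parent-process check reads `/proc/<ppid>/comm`; the expected parent name `httpd`, the 16-byte salt and the masking key are all constructed here for illustration. Where the post says "encrypted", this example only XORs the salt with a key baked into the same binary, which is obfuscation rather than encryption: it keeps the salt out of the source and out of a casual `strings` run, but anyone who can execute code as the server user, attach a debugger, or read the binary can recover it, which is the limit of the whole approach.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Assumed name of the process allowed to ask for the salt (constructed). */
#define EXPECTED_PARENT "httpd"

/* Constructed example: the salt "Pepper42#kX9mQ!z" XORed byte-wise with
 * MASK_KEY. This is obfuscation, not encryption; a real build would use a
 * proper cipher and keep the key away from the ciphertext. */
#define SALT_LEN 16
static const unsigned char MASKED_SALT[SALT_LEN] = {
    0x0a, 0xa6, 0x67, 0xee, 0x4e, 0x06, 0xe5, 0x3a,
    0x45, 0x9b, 0x65, 0x90, 0xa8, 0x43, 0xaa, 0x35
};
static const unsigned char MASK_KEY[16] = {
    0x5a, 0xc3, 0x17, 0x9e, 0x2b, 0x74, 0xd1, 0x08,
    0x66, 0xf0, 0x3d, 0xa9, 0xc5, 0x12, 0x8b, 0x4f
};

/* Returns 1 if fd is a pipe or FIFO, 0 for a tty, regular file, socket
 * or an invalid descriptor. The post's second check. */
int fd_is_pipe(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    return S_ISFIFO(st.st_mode) ? 1 : 0;
}

/* Reads the parent's command name from /proc (Linux only) into buf.
 * Returns its length, or -1 if /proc is unavailable. */
int parent_comm(char *buf, size_t len)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%ld/comm", (long)getppid());
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    if (!fgets(buf, (int)len, f)) {
        fclose(f);
        return -1;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return (int)strlen(buf);
}

/* The post's first check: 1 only if the parent process is named expected.
 * Note that comm is the process's own (rewritable) name; comparing the
 * realpath of /proc/<ppid>/exe would be a stronger identity test. */
int parent_is(const char *expected)
{
    char comm[256];
    if (parent_comm(comm, sizeof comm) < 0)
        return 0;
    return strcmp(comm, expected) == 0;
}

/* Unmasks the embedded salt into out (NUL-terminated; needs SALT_LEN+1).
 * Returns the salt length. */
size_t unmask_salt(char *out)
{
    for (size_t i = 0; i < SALT_LEN; i++)
        out[i] = (char)(MASKED_SALT[i] ^ MASK_KEY[i % sizeof MASK_KEY]);
    out[SALT_LEN] = '\0';
    return SALT_LEN;
}

int main(void)
{
    if (!parent_is(EXPECTED_PARENT) || !fd_is_pipe(STDOUT_FILENO)) {
        fputs("refusing: parent is not " EXPECTED_PARENT
              " or stdout is not a pipe\n", stderr);
        return 1;
    }
    char salt[SALT_LEN + 1];
    size_t n = unmask_salt(salt);
    fwrite(salt, 1, n, stdout);
    fputc('\n', stdout);
    /* Best effort scrub; explicit_bzero/memset_s where available. */
    memset(salt, 0, sizeof salt);
    return 0;
}
```

The authenticating process would spawn this binary with stdout redirected to a pipe (in Perl, an `open(my $fh, '-|', '/path/to/saltd')` does exactly that) and read one line, so the salt never sits in a config file or in the script's source. Running it by hand from a shell fails both checks, which is the intended behaviour.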