Re: Where to store your salt
From: Ken Cox [Microsoft MVP] (BANSPAMken_cox_at_sympatico.ca)
Date: 01/26/04
- Next message: Yan-Hong Huang[MSFT]: "RE: Can I pass ASP Basic Auth Credentials to an APS.NET Forms Authentication site?"
- Previous message: Yan-Hong Huang[MSFT]: "Re: Forms Authentication to specific folders"
- In reply to: Edgar Sánchez: "Where to store your salt"
- Next in thread: Derek Slager: "Re: Where to store your salt"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 25 Jan 2004 22:30:16 -0500
Some people store the salt in the web.config.
"Edgar Sánchez" <edgar.sanchez@logicstudio.net> wrote in message
news:%23xEGHwi4DHA.504@TK2MSFTNGP11.phx.gbl...
> Reviewing the code in "Building Secure Microsoft ASP.NET Applications" for
> hashing passwords with salt, I see that the salt is stored in the same table
> as the hashed password. The idea of using salt is to make a dictionary
> attack harder but if we store the salt close to the hashed password then the
> attacker can attach the salt to the dictionary passwords and go on with
> his/her attack. From what I understood of the salting technique, the salt
> should be saved somewhere else, is this right or am I missing something?
>
>
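
The table layout the question describes, a random per-user salt stored in the same row as the hash, as an added example (not code from the book or from either poster; Python is used here instead of the thread's ASP.NET, and the function names, sample users and PBKDF2 work factor are assumptions). It includes an audit check that lists accounts sharing an identical stored hash, run over a per-user-salt table and over a table that uses one site-wide value for every row.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this demo; raise it in production

def hash_password(password, salt, iterations=ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)

def new_record(password, salt=None):
    """Row stored for one user. With salt=None a fresh random salt is generated
    and kept next to the hash, as in the table layout the question describes."""
    salt = os.urandom(16) if salt is None else salt
    return {"salt": salt, "hash": hash_password(password, salt)}

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, record["salt"]), record["hash"])

def shared_hash_groups(table):
    """Audit check: users whose stored hashes are identical. Any group means a
    single guess computation would be valid against several rows at once."""
    groups = defaultdict(list)
    for user, rec in table.items():
        groups[rec["hash"]].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample data: alice and carol chose the same password.
SAMPLE = {"alice": "correct horse", "bob": "tr0ub4dor", "carol": "correct horse"}

def build_tables():
    site_salt = b"constructed-site-wide-value"  # assumption: one value shared by every row
    per_user = {u: new_record(p) for u, p in SAMPLE.items()}
    site_wide = {u: new_record(p, site_salt) for u, p in SAMPLE.items()}
    return per_user, site_wide

if __name__ == "__main__":
    per_user, site_wide = build_tables()
    print("per-user salt, shared hashes:", shared_hash_groups(per_user))
    print("site-wide value, shared hashes:", shared_hash_groups(site_wide))
    print("login check:", verify("correct horse", per_user["alice"]))
```

The salt is read back from the row at login, so it has to be available to the verifier; what the audit check measures is whether each row still has to be worked on separately.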