Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If you're using the same salt for everything, you've very nearly defeated the purpose of using a salt.

No salt means that a password hashes to the same thing, everywhere. A site specific salt means that someone can generate rainbow table to efficiently attack all accounts. A user specific salt means that generating rainbow tables is effectively the same (complexity) as brute-forcing.



> If you're using the same salt for everything, you've very nearly defeated the purpose of using a salt.

I'm aware - it's hardly a rare use-case though (sadly).




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: