How does the salting work?
A complete description about salting can be found on Wikipedia: https://en.wikipedia.org/wiki/Salt_%28cryptography%29
When a user wants to create a new account, their password should be hashed with a unique salt. A salt is a random string which (at least in this library) is generated with hashlib_generate_salt. The salting works like this: if our random salt is, for example, c163a3a8461967c1b0a5f646d2ca26332586e8fa795e7e940d21158cbe851078 and the user's password is hello, hashlib appends the password to the salt and then hashes the combined string.
The string which gets hashed: c163a3a8461967c1b0a5f646d2ca26332586e8fa795e7e940d21158cbe851078hello
Result (SHA-1): f74808e61bdf6302dd9c4ae92b7b356ed46f149a
Note: The salt must be stored for each user in the database together with the hashed password. When the user wants to log in, make sure you hash the user's input with that saved salt, not with a freshly generated one.
A PHP example can be found here: https://github.com/mschnitzer/hashlib/wiki/Login-via-PHP
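The registration and login flow described above, as an added example that is not part of this wiki or of the hashlib library. It follows the page's construction exactly (SHA-1 over the salt followed by the password) and stores the salt next to the hash so login can reuse it. The salt generator is an assumption: `secrets.token_hex(32)` stands in for the library's own `hashlib_generate_salt` native and yields a 64-character hex salt of the same shape as the page's example. The `db` dictionary is a constructed stand-in for the user table.

```python
import hashlib
import hmac
import secrets

# 32 random bytes -> 64 hex characters, matching the length of the salt shown
# on the page. Using secrets.token_hex here is an assumption; the library's
# own native is hashlib_generate_salt.
SALT_BYTES = 32


def generate_salt() -> str:
    """Return a fresh random salt as a 64-character hex string."""
    return secrets.token_hex(SALT_BYTES)


def hash_password(salt: str, password: str) -> str:
    """SHA-1 over the salt followed by the password, as the page describes."""
    data = (salt + password).encode("utf-8")
    return hashlib.sha1(data).hexdigest()


def register(db: dict, username: str, password: str) -> None:
    """Create an account: generate a unique salt and store it with the hash."""
    salt = generate_salt()
    db[username] = {"salt": salt, "hash": hash_password(salt, password)}


def login(db: dict, username: str, password: str) -> bool:
    """Re-hash the supplied password with the user's *stored* salt and compare."""
    record = db.get(username)
    if record is None:
        return False
    candidate = hash_password(record["salt"], password)
    # Constant-time comparison so the check does not leak how many leading
    # characters of the hash matched.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    users = {}  # constructed stand-in for the user table
    register(users, "alice", "hello")
    register(users, "bob", "hello")
    print("alice:", users["alice"])
    print("bob:  ", users["bob"])
    print("alice/hello ->", login(users, "alice", "hello"))
    print("alice/Hello ->", login(users, "alice", "Hello"))
```

Two users who choose the same password end up with different stored hashes because each got a different salt, which is the whole point of the scheme. The block keeps the page's single SHA-1 pass so it matches the hashlib description; in a new system a password-specific hash such as bcrypt or Argon2 is the usual choice, since a single fast hash can be brute-forced quickly even with a salt.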