在源代码中加盐是否更安全?
Is it safer to have the salt in the source code?
在源代码中加盐是否更安全?如果数据库被盐破坏,那么一切都会丢失..但是如果他们只有散列,他们就不能用它做任何事情..如果盐在源代码中,你可以使用他们的用户标识或其他东西吗?有谁知道..
一定要为每个密码使用新盐,并将它们与密码一起存储在数据库中。请参阅 https://en.wikipedia.org/wiki/Salt_(cryptography)#Common_mistakes for reasons. If you want to learn more about the topic, the whole wikipedia article is a great source, followed by https://en.wikipedia.org/wiki/Rainbow_table, maybe even some generic info about hashing like https://en.wikipedia.org/wiki/Cryptographic_hash_function。
在源代码中加盐是否更安全?如果数据库被盐破坏,那么一切都会丢失..但是如果他们只有散列,他们就不能用它做任何事情..如果盐在源代码中,你可以使用他们的用户标识或其他东西吗?有谁知道..
一定要为每个密码使用新盐,并将它们与密码一起存储在数据库中。请参阅 https://en.wikipedia.org/wiki/Salt_(cryptography)#Common_mistakes for reasons. If you want to learn more about the topic, the whole wikipedia article is a great source, followed by https://en.wikipedia.org/wiki/Rainbow_table, maybe even some generic info about hashing like https://en.wikipedia.org/wiki/Cryptographic_hash_function。