Electronics & Programming

develissimo

Open Source electronics development and programming

  • You are not logged in.
  • Root
  • » Django
  • » Is their much benefit In using a second hidden salt [RSS Feed]

#1 Dec. 7, 2010 00:14:55

a.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

Is their much benefit In using a second hidden salt


So I was having a bit of confusion over the method that django uses to
protect passwords. The issues I had was that It seen unsecured to have
the salt publicly available in the database since anyone who gets hold
of the database would know the salt. After rereading the django book
and doing some additional research I discovered that this method was
particularly targeted at rainbow tables attacks and is indeed view by
many as a better option than a system wide hidden salt.

However I'm a bit curious about the significance of adding a second
salt to the password before it is hashed and then using the regular
per-user salt. Currently my opinion is that their is added benefit
since it make dictionary attacks more challenging and possibly almost
impossibly if the attacker does not know the hidden salt. Django has a
secretKey in the setting file I wondering why this could not have been
used as second salt in the authentication system.

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

  • Root
  • » Django
  • » Is their much benefit In using a second hidden salt [RSS Feed]

Board footer

Moderator control

Enjoy the 21st of August
PoweredBy

The Forums are managed by develissimo stuff members, if you find any issues or misplaced content please help us to fix it. Thank you! Tell us via Contact Options
Leave a Message
Welcome to Develissimo Live Support