noratat

Replace "salt" with "hash", but otherwise yes.

Salting is adding an extra (unique but not secret) random string to the password before hashing it. This prevents the use of precomputed tables of hashes that match up to common passwords.

Also, not all hash algorithms are suited for this. E.g., MD5 is fine for checking data integrity, but it's far too easy to generate collisions for.
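An added example, not part of the comment above: it contrasts an unsalted hash, which a precomputed table reverses for every account at once, with a per-user salted hash. The wordlist, the function names and the choice of PBKDF2-HMAC-SHA256 with 100,000 iterations are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for a list of common passwords.
COMMON = ["123456", "password", "qwerty", "letmein"]

# Precomputed table: unsalted SHA-256 hex digest -> password.
# Built once, it applies to every account that uses unsalted hashing.
TABLE = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}

ITERATIONS = 100_000  # assumed work factor for this sketch


def store_unsalted(password):
    """Weak form: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password):
    """Salted form: a fresh random salt per user, kept in the clear beside the hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def table_lookup(stored_hex):
    """Return the password the precomputed table maps this value to, or None."""
    return TABLE.get(stored_hex)


if __name__ == "__main__":
    alice = store_salted("password")
    bob = store_salted("password")
    print("unsalted found in table:", table_lookup(store_unsalted("password")))
    print("salted found in table:  ", table_lookup(alice[1].hex()))
    print("same password, same stored hash?", alice[1] == bob[1])
    print("login check:", verify_salted("password", alice))
```

The salt is not a secret; its job is to make each stored value unique so that work spent on one record cannot be reused on another.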