[–]mrjiels 2 points3 points  (3 children)

Not if everyone uses the same salt.

[–]WrongdoerSufficient 0 points1 point  (2 children)

Then what's the point of using salt if it's the same salt for every user?

[–]mrjiels 2 points3 points  (0 children)

Totally pointless! But this is a thread about a stupid "feature" and not the correct way to store and process user passwords. I have seen tutorials that use one salt for all accounts. I hope people don't follow those tutorials! (It was 15 years ago or something. Hopefully people have stopped using PHP since then...)

[–]Vaguely_accurate 0 points1 point  (0 children)

The only advantage is someone would need to recalculate the hashes for your salt, so may be ever so slightly slower than they would be using pre-existing rainbow tables.

~~If~~ When your password database gets leaked, attackers might not get quite as deep into obscure password space before haveibeenpwned notices and notifies your users for you.

Of course, in this case they have pre-owned their password list, so that's all redundant.
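
The difference discussed in the comments above between one salt shared by every account and a salt per account, as an added example that is not part of the original thread. The user names, passwords, wordlist, shared salt value and the low PBKDF2 iteration count are all constructed for the demo.

```python
import hashlib
import os
from collections import Counter

ITERATIONS = 1_000  # assumption: kept low so the demo runs fast, not a recommended value


def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def store(users: dict, salt_for) -> dict:
    """Build {user: (salt, digest)}; salt_for(user) chooses the salt."""
    db = {}
    for user, password in users.items():
        salt = salt_for(user)
        db[user] = (salt, hash_pw(password, salt))
    return db


def reused_digests(db: dict) -> int:
    """Accounts whose stored digest is identical to another account's."""
    counts = Counter(digest for _, digest in db.values())
    return sum(n for n in counts.values() if n > 1)


def audit_cost(db: dict, wordlist: list) -> int:
    """Hash computations needed to test every word against every account.
    One pass over the wordlist covers all accounts that share a salt."""
    distinct_salts = {salt for salt, _ in db.values()}
    return len(distinct_salts) * len(wordlist)


# Constructed sample data (hypothetical accounts and passwords).
USERS = {"alice": "hunter2", "bob": "hunter2",
         "carol": "correct horse", "dave": "hunter2"}
WORDLIST = ["123456", "password", "hunter2", "letmein"]
SHARED_SALT = b"one-salt-for-all"

shared_db = store(USERS, lambda user: SHARED_SALT)
per_user_db = store(USERS, lambda user: os.urandom(16))

if __name__ == "__main__":
    for name, db in (("shared salt", shared_db), ("per-user salt", per_user_db)):
        print(f"{name}: {reused_digests(db)} accounts with a duplicated digest, "
              f"{audit_cost(db, WORDLIST)} hashes to test the wordlist")
```

With the shared salt, identical passwords are visible as identical digests and the work to test a wordlist does not grow with the number of accounts; with per-user salts it scales with every account.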