| ▲ | csnover 9 days ago | |
No. This is why salts[0] are used. | ||
| ▲ | integralid 9 days ago | parent | next [-] | |
This is how it should be done. But it still doesn't protect users fully, because attacker can try to brute-force passwords their interested in. It requires much more effort though. | ||
| ▲ | incorrecthorse 9 days ago | parent | prev [-] | |
And compute-intensive hash functions. Computers this day are powerful enough to hashcat each individual pwd+salt if a fast hashing function is used. | ||