Hacker News

I suspect you don't know that the salt is stored with the password [edit: when using standard libraries like crypt and bcrypt - please don't invent your own scheme]. So when someone steals the password list, they get the salt too.

The salt is not "secret" - it is stored in plain text for each password. It does not need to be secret to do its job (defend against rainbow tables).



Sometimes the salt is stored with the password. I sometimes see having a hardcoded salt referred to as 'security by obscurity', but considering that many attacks result in just a database dump, not giving attackers access to (at least part of) the hash is a useful security layer.
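The two comments above are about how a stored password hash is laid out. The following is an added example, not code from either commenter: it uses PBKDF2-HMAC-SHA256 from the Python standard library instead of bcrypt (so it runs without third-party packages), but keeps the crypt(3)/bcrypt convention of storing the per-password salt in the clear inside the same string as the hash. The `pepper` parameter is my reading of the "hardcoded salt" in the second comment: a site-wide secret held outside the database. All function names, the `$pbkdf2-sha256$...` string layout and the iteration count are my own choices.

```python
import base64
import hashlib
import hmac
import os

# Added example, not from the thread. PBKDF2 stands in for bcrypt here
# (assumption: standard library only); the storage layout is the point.

ITERATIONS = 600_000  # assumption: a current OWASP-style PBKDF2 cost


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.b64decode(text)


def _derive(password: str, salt: bytes, pepper: bytes, iterations: int) -> bytes:
    """Slow KDF over the password. If a pepper (secret kept outside the DB)
    is configured, bind it in with HMAC first, so a database dump alone does
    not let an attacker test candidate passwords offline."""
    material = password.encode("utf-8")
    if pepper:
        material = hmac.new(pepper, material, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", material, salt, iterations)


def hash_password(password: str, pepper: bytes = b"", iterations: int = ITERATIONS) -> str:
    """Return a self-describing string: $pbkdf2-sha256$<iters>$<salt>$<hash>.

    The salt is random per password and stored in plain text. Its job is to
    make a precomputed (rainbow) table useless: two users with the same
    password get different hashes, and a table built for one salt is worth
    nothing for another. It is not, and need not be, secret.
    """
    salt = os.urandom(16)
    digest = _derive(password, salt, pepper, iterations)
    return f"$pbkdf2-sha256${iterations}${_b64(salt)}${_b64(digest)}"


def verify_password(password: str, stored: str, pepper: bytes = b"") -> bool:
    """Check a password against a stored string. Everything needed except the
    pepper (scheme, cost, salt, expected hash) is parsed out of the string."""
    try:
        _, scheme, iters, salt_b64, hash_b64 = stored.split("$")
    except ValueError:
        return False  # malformed record, not in our layout
    if scheme != "pbkdf2-sha256":
        return False
    expected = _unb64(hash_b64)
    actual = _derive(password, _unb64(salt_b64), pepper, int(iters))
    return hmac.compare_digest(expected, actual)


def salt_from_stored(stored: str) -> bytes:
    """Anyone holding the stored string can read the salt back out; that is
    the first comment's point."""
    return _unb64(stored.split("$")[3])


if __name__ == "__main__":
    h1 = hash_password("correct horse battery staple")
    h2 = hash_password("correct horse battery staple")
    print(h1)
    print("same password, different hash:", h1 != h2)
    print("salt recoverable from record:", salt_from_stored(h1).hex())
    print("verifies:", verify_password("correct horse battery staple", h1))
    hp = hash_password("hunter2", pepper=b"site-secret-outside-db")
    print("pepper required to verify:", not verify_password("hunter2", hp))
```

Run it twice and the two records differ only in salt and hash; the salt is plainly readable in the middle field, yet the hash is still useless to a rainbow table. The peppered record is the trade-off the second comment describes: a database dump without the pepper cannot even confirm a guessed password, at the cost of an extra secret that must be managed and rotated.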



