deleted 7 characters in body
Jamal

No.

Concern 1:

Most password hashing libraries will perform a hash recursively 2^n times. On modern systems, they choose 2^8 or higher (resulting in 512 hashes).

While you are using a salt, you're only hashing the password once. This would allow a hacker to create a rainbow table with considerably less effort.

Concern 2:

If you're creating a random salt every time, you'll never be able to verify the password. I would pass the salt in (or return the salt with the hash), that way the hash is repeatable.

Chris

No.

Concern 1:

Most password hashing libraries will perform a hash recursively 2^n times. On modern systems, they choose 2^8 or higher (resulting in 512 hashes).

While you are using a salt, you're only hashing the password once. This would allow a hacker to create a rainbow table with considerably less effort.

Concern 2:

Also, another concern, if you're creating a random salt every time, you'll never be able to verify the password. I would pass the salt in (or return the salt with the hash). That way the hash is repeatable.
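
Both concerns from the answer above, as an added example that is not part of the original post: an iterated hash instead of a single pass, and a salt that is returned with the hash so verification is repeatable. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the unnamed hashing library; the iteration count, the record format and the function names are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed parameters for illustration; the answer names no library or cost.
ITERATIONS = 600_000
SALT_BYTES = 16
SCHEME = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return '<scheme>$<iterations>$<salt hex>$<hash hex>'.

    A fresh random salt is generated unless one is passed in, and it is
    returned inside the record so the same hash can be recomputed later.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the salt and cost stored in the record."""
    try:
        scheme, iter_text, salt_hex, digest_hex = record.split("$")
        iterations = int(iter_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: wrong field count or bad encoding
    if scheme != SCHEME or not 1 <= iterations <= 10_000_000:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)
```

Hashing the same password twice without passing a salt produces two different records, so stored records are checked with `verify_password` rather than by comparing two freshly computed hashes.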