Archives
Archives
| From: | Kent Fredric <kentnl@g.o> | ||
|---|---|---|---|
| To: | gentoo-dev@l.g.o | ||
| Subject: | Re: [gentoo-dev] [RFC] Anti-spam for goose | ||
| Date: | Thu, 21 May 2020 13:41:34 | ||
| Message-Id: | 20200522014116.41110649@katipo2.lan | ||
| In Reply to: | Re: [gentoo-dev] [RFC] Anti-spam for goose by "Michał Górny" |
||
| 1 | On Thu, 21 May 2020 15:16:12 +0200 |
| 2 | Michał Górny <mgorny@g.o> wrote: |
| 3 | |
| 4 | > Isn't the whole point of salted hash to use unique salts? |
| 5 | |
| 6 | You'd thinik so, but I've seen too many piece of code where the salt |
| 7 | was a hardcoded string right there in the hash generation. |
| 8 | |
| 9 | md5sum( "SeKrIt\0" + pass ) |
| 10 | |
| 11 | So I've learned to never assume that salts were unique per entry. |