From: | Kent Fredric <kentnl@g.o> | ||
---|---|---|---|
To: | gentoo-dev@l.g.o | ||
Subject: | Re: [gentoo-dev] [RFC] Anti-spam for goose | ||
Date: | Thu, 21 May 2020 13:41:34 | ||
Message-Id: | 20200522014116.41110649@katipo2.lan | ||
In Reply to: | Re: [gentoo-dev] [RFC] Anti-spam for goose by "Michał Górny" |
1 | On Thu, 21 May 2020 15:16:12 +0200 |
2 | Michał Górny <mgorny@g.o> wrote: |
3 | |
4 | > Isn't the whole point of salted hash to use unique salts? |
5 | |
6 | You'd thinik so, but I've seen too many piece of code where the salt |
7 | was a hardcoded string right there in the hash generation. |
8 | |
9 | md5sum( "SeKrIt\0" + pass ) |
10 | |
11 | So I've learned to never assume that salts were unique per entry. |