Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • @[email protected]
    link
    fedilink
    English
    43 months ago

    Some implementers reuse the same salt for all passwords. It’s not the worst thing ever, but it does make it substantially easier to crack than if everything has its own salt.

    • @[email protected]
      link
      fedilink
      English
      33 months ago

      That’s a pepper not a salt. A constant value added to the password that’s the same for every user is a pepper and prevents rainbow table attacks. A per-user value added is a salt and prevents a number of things, but the big one is being able to overwrite a users password entry with another known users password (perhaps with a SQL injection).