-1

I'm trying to store passwords which each have their own unique salts.

But I don't really get the whole concept of creating unique salts because I can't imagine A. how you would be able to create a unique salt for every user that creates an account, B. how you would be able to compare passwords since the salts differ from user to user.

So my questions are:

  1. How can I make a unique salt for every user?

  2. How would I be able to compare the password?

samuel gast

1 Answer

0

Salts are generated with the help of the random source of the operating system, /dev/urandom. This random number generator collects random events like user login, or hardware properties, to generate real randomness.

You need to store the salt together with the password hash; a common format is shown in this answer. To verify the password, one has to extract the stored salt and use it to build a comparable hash.

martinstoeckli