While not entirely random, would a "date based" salt work as well? Say, the date... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		darylteo on June 6, 2012 \| parent \| context \| favorite \| on: 6.5 Million LinkedIn Password Hashes Leaked While not entirely random, would a "date based" salt work as well? Say, the date that the entry was added? This would still negate rainbow tables as a specific user entry needs to be targeted.

eli on June 6, 2012 [–]

It would probably work well enough, but... why not just add a proper random salt field that isn't tied to anything an attacker could guess? Is something like 8 bytes per user too expensive?

darylteo on June 7, 2012 | [–]

Perhaps I'm missing something but... wouldn't you still need to store the random salt field somewhere in the database?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact