Hacker News new | comments | show | ask | jobs | submit login

The specific attack that per-user random salts are designed to prevent are pre-computed rainbow tables. Brute-forcing MD5 is nearly as fast as using rainbow tables, so the benefits are possibly dubious.





Who uses MD5 for hashing password anymore?

People one step above those who think storing plain-text passwords is okay.



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: