In light of Gawker's recent situation, how should you be salting passwords?

[Skywing]

I figured I'd ask. We all know by now that Gawker has was compromised and it sounds like they weren't salting their passwords very well, or at all.

With that in mind, what is the proper way to do this? Is it fine to simply have a single, rather random salt used or should you somehow change the salt all the time? If the salt changes, how do you know how to compare it when they're logging in?

[mathgladiator]

https://github.com/mathgladiator/win/blob/master/lib/win.sec...

I give it both a static prefix and a configurable suffix.

I once had a system that used their login as part of the salt, but that introduced major support issues.

[smoody]

But, specific to Gawker's case -- where the databases and source code are compromised, this would not work, correct? There'd have to be some salt that does not exist in the database, config files, or source code. I guess one could, as a (weak) added level of security, pass-in values when a server is spun-up (or apache, etc) that are part of the launching of apps, but not store in files of any kind.

[njg]

The salt has to be present in your system so you can use it to hash the provided password and check that it matches the hash you have on file. People usually keep it right next to the password.

The salt serves two functions: Make rainbow table attacks more difficult

Obscuring cases where two users have the same password. If two users both use "blah7$monkey" as their password and you don't use a salt, they will hash to the same value.

If I steal your password database and I want to compromise one account, a salt offers no protection. Hash algo and password strength are what matter.

[1331]

http://chargen.matasano.com/chargen/2007/9/7/enough-with-the...

[ra]

http://stackoverflow.com/questions/401656/secure-hash-and-sa...