What is the purpose of using a"salt" along with the user-provided password? Where should the"salt" be stored,and how should it be used?
问题信息
-
扫描二维码,关注牛客网
- 意见反馈
-
下载牛客APP,随时随地刷题
扫一扫,把题目装进口袋
- 求职之前,先上牛客
-
扫描二维码,进入QQ群
扫描二维码,关注牛客公众号
- 公司地址:北京市朝阳区北苑路北美国际商务中心K1座一层-北京牛客科技有限公司
- 联系方式:010-60728802 投诉举报电话:010-57596212(朝阳人力社保局)
- 牛客科技© All rights reserved admin@nowcoder.com
- 京ICP备14055008号-4 增值电信业务经营许可证 营业执照 人力资源服务许可证
-
京公网安备
11010502036488号
When a user creates a passw ond,the system generates a random number (which is the salt ) and appends it to the user-provided password,encrypts the resulting string and stores the encrypted result and the salt in the password file.When a password check is to be made,the password presented by the user is first concatenated with the salt and then encrypted before checking for equality wi th the stored password.Since the salt is different for different users,a passwork cracker cannot check a single candidate password,encrypt it,and check it against all of the encrypted passwords simultaneously.