Re: Is their much benefit In using a second hidden salt

2010-12-07 Thread andy
I see, I really had not give much though to the points that you make. I guess the secret salt really does create some possible inconvenience and should be feature left up to developers to implement as you say. Thanks for the input. On Dec 7, 6:37 pm, Ian Kelly wrote: > On Tue, Dec 7, 2010 at 2:27

Re: Is their much benefit In using a second hidden salt

2010-12-07 Thread Ian Kelly
On Tue, Dec 7, 2010 at 2:27 PM, andy wrote: > However I'm a bit curious about the significance of adding a second > salt to the password before it is hashed and then using the regular > per-user salt. Currently my opinion is that their is added benefit > since it make dictionary attacks more chall

Is their much benefit In using a second hidden salt

2010-12-07 Thread andy
So I was having a bit of confusion over the method that django uses to protect passwords. The issues I had was that It seen unsecured to have the salt publicly available in the database since anyone who gets hold of the database would know the salt. After rereading the django book and doing some ad