I see, I really had not given much thought to the points that you make.
I guess the secret salt really does create some possible inconvenience
and should be a feature left up to developers to implement, as you say.
Thanks for the input.
On Dec 7, 6:37 pm, Ian Kelly wrote:
> On Tue, Dec 7, 2010 at 2:27
On Tue, Dec 7, 2010 at 2:27 PM, andy wrote:
> However I'm a bit curious about the significance of adding a second
> salt to the password before it is hashed and then using the regular
> per-user salt. Currently my opinion is that there is added benefit
> since it makes dictionary attacks more chall
So I was having a bit of confusion over the method that Django uses to
protect passwords. The issue I had was that it seemed unsecured to have
the salt publicly available in the database, since anyone who gets hold
of the database would know the salt. After rereading the Django book
and doing some ad