I see, I really had not give much though to the points that you make.
I guess the secret salt really does create some possible inconvenience
and should be feature left up to developers to implement as you say.
Thanks for the input.
On Dec 7, 6:37 pm, Ian Kelly wrote:
> On Tue, Dec 7, 2010 at 2:27
On Tue, Dec 7, 2010 at 2:27 PM, andy wrote:
> However I'm a bit curious about the significance of adding a second
> salt to the password before it is hashed and then using the regular
> per-user salt. Currently my opinion is that their is added benefit
> since it make dictionary attacks more chall
