Checking a hash with random salt
I'm trying to write a very basic login system using SHA512 + random salt. So I have this
user creates hash:
hash(password+randomSalt)+randomSalt;
So the salt is appended to the hash, which is then sent to the server and stored.
Now my problem is comparing when someone tries to log in. The user doesn't know the salt, and I don't want to send the plain text password to the server, so I'm a little stuck.
Any safe suggestions?
Answer by tertle · Nov 08, 2011 at 01:41 AM
Should answer/close this. Firstly, MD5 isn't really safe, hence I'm using SHA-2.
After a bit of research and some helpful people on Stack Overflow, I ended up just using username as the salt, rather than randomly generating it.
Answer by WillTAtl · Nov 02, 2011 at 01:14 AM
I don't trust my knowledge of security to really answer this one the way you'd like; I'll just note that cryptographic security is something best left to the experts. If you're just trying to make your own to learn how, fair enough, but if you actually care about doing it securely, talk to Google and find/use an established package. Security is incredibly tricky stuff to do right, even the experts can screw it up big time, so it's best to go with established and battle-tested libraries.
So basically, my safe suggestion is don't write your own at all. Do what this guy did instead.
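Added example, not part of the original thread or either poster's code: a server-side check for the `hash + salt` record layout described in the question, where the salt is read back out of the stored record at login so the user never needs to know it. It swaps the single SHA-512 call for the standard library's PBKDF2-HMAC-SHA512; the function names, the sizes and the iteration count are assumptions, and it assumes the password reaches the server over an encrypted connection.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not from the original post).
SALT_LEN = 16          # bytes of random salt per user
DIGEST_LEN = 64        # SHA-512 output size in bytes
ITERATIONS = 210_000   # PBKDF2 work factor; tune for your hardware


def _derive(password: str, salt: bytes) -> bytes:
    """Stretch password and salt with PBKDF2-HMAC-SHA512 (stdlib)."""
    return hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, ITERATIONS, dklen=DIGEST_LEN
    )


def make_record(password: str) -> bytes:
    """Registration: fresh random salt, stored as digest || salt."""
    salt = os.urandom(SALT_LEN)
    return _derive(password, salt) + salt


def check_password(password: str, record: bytes) -> bool:
    """Login: recover the salt from the stored record and re-derive."""
    if len(record) != DIGEST_LEN + SALT_LEN:
        return False  # malformed or truncated record
    stored_digest, salt = record[:DIGEST_LEN], record[DIGEST_LEN:]
    candidate = _derive(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    # Constructed sample data standing in for the server's user table.
    db = {"alice": make_record("correct horse")}
    print(check_password("correct horse", db["alice"]))
    print(check_password("wrong guess", db["alice"]))
```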