undefined | Better HN

0 pointsnewdude1165y ago0 comments

He would have to break the cryptographic algo to see the salt. Good luck with that. Sure that is possible for the NSA with weak encryption. But most hackers wont be able to do this. The salt does not give a slightly different hash but a totally different hash. Also, using salt (your own or server based) should protect you from some kind of rainbow table attacks.

But just use a PW manager (e.g. enpass.io ) I am very happy with it but I don't use the autofill plug-ins. You can never be paranoid enough.

0 comments

3 comments · 1 top-level

jmartrican5y ago· 2 in thread

I think the OP is talking about salts that get concatenated as a prefix or suffix, not the salting that happens in oneway hash functions. Remember the topic here is related to getting your pw's exposed and how to easily create different pw's to deal with that scenario.

newdude116OP5y ago

Both. The salting SHOULD happen in one way Hash functions. But sometimes it does not. Using your own prefix when always using the same password is the second worst solution but at least better than nothing. Poor mans salting :-)

Use a PW manager.

jmartrican5y ago

I use a PW manager like its a religion. But having all my eggs in one basket gets me so nervous. I like the poor man's salting solution, and used it a lot before i got a PW manager. I just like to use a scheme where if you see my PW you cannot make out what the pw will be for some other site. For example if the site is hackernews.com, the pw might be "ag" + myusualpassword. Where "ag" is the first two letters of the base64 string of the URL... in this case "hackernews.com". That was just an example... I will not divulge what I actually used to generate my poor man's salt.

j / k navigate · click thread line to collapse