Can anyone share best practices for implementing salting in hash functions?
Chief Evangelist in IT Services, a year ago
Is this for password storage? Most organizations I've worked with simply adopt a modern hashing algorithm such as outlined here that automatically salts the passwords. https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#password-hashing-algorithms
1. Create unrepeated salts for each and every application or service.
2. Combine the salt with a strong alphanumeric password.
3. Always have a strong and long hash algo.
4. Implement multiple iterations.
5. Enforce updating the salt and hash after a periodic interval (have the interval as short as possible).
6. Securely store the salt and hash.