StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHow do you securely store a user's password and salt in MySQL?
primarykey
Id
7270526
data
AcceptedAnswerId
7270676
AnswerCount
8
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2011-09-01T12:48:51.007
FavoriteCount
9
LastActivityDate
2017-04-06T00:21:46.150
LastEditDate
2017-05-23T11:55:19.593
LastEditorUserId
-1
OwnerUserId
0
ParentId
0
PostTypeId
1
Score
15
ViewCount
31432
LastEditorDisplayName
user317005
text
Body
So, I found out on SO that you're supposed to hash the password together with a "salt". (The articles can be found <a href="https://stackoverflow.com/questions/6879706/securely-hash-passwords-so-much-conflicting-advice/6879902">here</a> and <a href="https://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords">here</a>.) Here's the code: <pre><code>$password = 'fish'; /* should be "unique" for every user? */ $salt= 'ABC09'; $site_key = 'static_site_key'; hash_hmac('sha1', $password . $salt, $site_key); </code></pre> And now I need to save both the <code>$password</code> and <code>$salt</code> in MySQL, like so: <pre><code>+---------+--------+----------+-------+ | user_id | name | password | salt | +---------+--------+----------+-------+ | 1 | krysis | fish** | ABC09 | +---------+--------+----------+-------+ </code></pre> ** <code>fish</code> will of course be hashed and not stored in plain text. And I'm just wondering whether or not it actually makes sense to do it this way, because this way a hacker or whoever will also know the salt? So, if they crack the password and the see it's <code>fishABC09</code> they automatically will know the password is <code>fish</code>? Or might he "never" be able to crack the password because he doesn't know the <code>secret_key</code>, as it isn't stored in the database? I'm sorry if I'm not making any sense. I just always used <code>sha1</code> for passwords, and today I found these articles that talked about adding a <code>salt</code>.
Tags
<mysql><passwords><sha1>
Title
How do you securely store a user's password and salt in MySQL?
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USCommunity
UserOwnerUserId
1. This table or related slice is empty.
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
3. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
2. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POHow do you securely store a user's password and salt in MySQL?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTApproveEditSuggestion
2. VO
 singulars
 PostPostId
 POHow do you securely store a user's password and salt in MySQL?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POHow do you securely store a user's password and salt in MySQL?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.