Salts are considered public in terms of if they are leaked it's not damaging in ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		xxpor on April 18, 2013 \| parent \| context \| favorite \| on: MusicBrainz Password Leak Salts are considered public in terms of if they are leaked it's not damaging in and of itself. The entire purpose of them is to prevent people with the same password having the same password hash. Now if the salt was your name or something that's a different problem.

elithrar on April 18, 2013 [–]

> The entire purpose of them is to prevent people with the same password having the same password hash.

... which helps prevent against the use of existing rainbow tables, as the hash from site A won't be the same as site B, even if the underlying password is the same.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact