Discover and read the best of Twitter Threads about #scrypt

Most recents (1)

I know you have heard of password #Salts which are similar to Nonces and used to add uniqueness to passwords and protect against pre-computed hashes (rainbow tables).

Did you also know about password #Peppers ? They are equally important too.
In modern web applications of today, you should #Pepper your passwords as well as #Salt them too before hashing them. Here is the order:

Original Password ---> Salt ---> Pepper ---> Hash ---> Store-In-DB.

However, if you #Pepper passwords wrongly. It could be very disastrous!
What do i mean by this ?

Well, the simplest (and safest - very important) way to #Pepper a password is to HMAC(Original_Password, key) it.

HMACs are resistant to length-extension attacks & brutes-force attacks.

There must be a #Pepper key used for the HMAC too
Read 16 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!