Here is the text of the NIST SP 800-63B Digital Identity Guidelines.

  • @orclev
    32 months ago

    That’s a pepper, not a salt. A constant value added to the password that’s the same for every user is a pepper and prevents rainbow table attacks. A per-user value added is a salt and prevents a number of things, but the big one is being able to overwrite a user’s password entry with another known user’s password (perhaps with a SQL injection).
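
The salt/pepper distinction drawn in the comment above, as an added example that is not part of the original thread or of NIST's text. The in-memory `db` dict, the user names, the `PEPPER` value and the PBKDF2 iteration count are constructed assumptions for illustration.

```python
import hashlib
import hmac
import os

# Assumption: the pepper is one secret for the whole application, kept outside
# the database (for example in a secrets manager). Constructed value.
PEPPER = b"constructed-pepper-not-a-real-secret"
ITERATIONS = 100_000  # illustrative work factor


def hash_password(password: str, salt: bytes, pepper: bytes = PEPPER) -> bytes:
    """Mix in the application-wide pepper, then stretch with the per-user salt."""
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)


def register(db: dict, user: str, password: str) -> None:
    salt = os.urandom(16)  # fresh random salt for every user
    db[user] = {"salt": salt, "hash": hash_password(password, salt)}


def verify(db: dict, user: str, password: str, pepper: bytes = PEPPER) -> bool:
    row = db[user]
    candidate = hash_password(password, row["salt"], pepper)
    return hmac.compare_digest(candidate, row["hash"])


def demo() -> dict:
    db = {}
    register(db, "alice", "correct horse")
    register(db, "bob", "correct horse")  # same password as alice
    results = {
        "same_password_same_hash": db["alice"]["hash"] == db["bob"]["hash"],
        "wrong_pepper_verifies": verify(db, "alice", "correct horse", b"other"),
    }
    register(db, "mallory", "known-password")
    # Simulate the row tampering from the comment: only the hash column of
    # bob's row is replaced with mallory's; bob's salt is left untouched.
    db["bob"]["hash"] = db["mallory"]["hash"]
    results["copied_hash_verifies"] = verify(db, "bob", "known-password")
    return results


if __name__ == "__main__":
    print(demo())
```

The copied-hash check fails only because the salt in the tampered row still belongs to the original user; it does not cover a row where the salt is replaced along with the hash.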