So say I store a salted password like so…
salted_pass = hash_pass + random_salt
Then I save both the salted pass and salt into the DB. How does this add protection? If a hacker steals the DB, he can just strip the salt and get the hash pass by itself and do a rainbow attack on it.
Am I missing something?
The idea of salts is:
salted_pass = hash(pass + salt)
or
salted_pass = hash(salt + pass)
Not how you do it. Indeed, how you do it doesn't add any security at all.
ahhhh now it all makes sense
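The two schemes from the thread side by side, as an added example that is not part of the original posts: it checks a stored record against a precomputed table of unsalted hashes, the way the question describes. SHA-256 as the hash, the function names and the sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def h(data: bytes) -> bytes:
    """Stand-in for the thread's generic hash(); SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()

def store_flawed(password: str, salt: bytes) -> bytes:
    # Scheme from the question: salt appended to an already finished hash.
    return h(password.encode()) + salt

def store_salted(password: str, salt: bytes) -> bytes:
    # Scheme from the answer: salt is part of the hash input.
    return h(salt + password.encode())

def verify_salted(password: str, salt: bytes, record: bytes) -> bool:
    # Login check: recompute with the stored salt, compare in constant time.
    return hmac.compare_digest(store_salted(password, salt), record)

def build_table(candidates):
    # Precomputed table of unsalted hashes (constructed sample entries).
    return {h(p.encode()): p for p in candidates}

def lookup_flawed(record: bytes, salt: bytes, table):
    # The salt sits next to the record in the DB, so it can simply be cut off.
    return table.get(record[: len(record) - len(salt)])

def lookup_salted(record: bytes, table):
    # The record is hash(salt + pass); no unsalted table entry can match it.
    return table.get(record)

def demo():
    table = build_table(["123456", "letmein", "hunter2"])
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    flawed_a, flawed_b = store_flawed("hunter2", salt_a), store_flawed("hunter2", salt_b)
    salted_a, salted_b = store_salted("hunter2", salt_a), store_salted("hunter2", salt_b)
    return {
        "flawed_recovered": lookup_flawed(flawed_a, salt_a, table),
        "salted_recovered": lookup_salted(salted_a, table),
        # Same password for two users: is the hash part identical?
        "flawed_same_hash": flawed_a[:32] == flawed_b[:32],
        "salted_same_hash": salted_a == salted_b,
        "login_ok": verify_salted("hunter2", salt_a, salted_a),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

For real password storage, a deliberately slow salted function such as `hashlib.scrypt` or `hashlib.pbkdf2_hmac` is the usual choice over a single fast hash.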