Monday, 26 August 2013

Salted Password Validation in PHP

On crackstation.net it is stated:

To Validate a Password
Retrieve the user's salt and hash from the database.
Prepend the salt to the given password and hash it using the same hash function.
Compare the hash of the given password with the hash from the database. If they match, the password is correct. Otherwise, the password is incorrect.

However, in the source code listed at the bottom of the page, I can't figure out how the validate_password function takes the salt into account. I mean, where is the salt prepended to the given password?
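
The three steps quoted above, as an added example that is not the code from crackstation.net or from the original post: it assumes the salt is stored in the same string as the hash, so validate_password recovers the salt by parsing the stored record instead of receiving it as a separate argument. The record layout, the constants and create_hash are assumptions for illustration, and PBKDF2 takes the salt as its own parameter rather than literally prepending it to the password.

```php
<?php
// Added example. Record layout (assumed): "algo:iterations:base64(salt):base64(hash)".
const KDF_ALGO = 'sha256';
const KDF_ITERATIONS = 100000;
const SALT_BYTES = 16;
const HASH_BYTES = 32;
const ALLOWED_ALGOS = ['sha256', 'sha512'];

// Generates a fresh random salt and packs it next to the derived hash,
// so one database column holds everything validation needs.
function create_hash(string $password): string
{
    $salt = random_bytes(SALT_BYTES);
    $hash = hash_pbkdf2(KDF_ALGO, $password, $salt, KDF_ITERATIONS, HASH_BYTES, true);
    return implode(':', [KDF_ALGO, KDF_ITERATIONS, base64_encode($salt), base64_encode($hash)]);
}

function validate_password(string $password, string $stored): bool
{
    // Step 1: the salt and hash both come out of the stored record.
    $parts = explode(':', $stored);
    if (count($parts) !== 4) {
        return false; // malformed record: fail closed
    }
    [$algo, $iterations, $saltB64, $hashB64] = $parts;
    $salt = base64_decode($saltB64, true);
    $expected = base64_decode($hashB64, true);
    if ($salt === false || $salt === '' || $expected === false || $expected === ''
        || !ctype_digit($iterations) || (int)$iterations < 1
        || !in_array($algo, ALLOWED_ALGOS, true)) {
        return false;
    }
    // Step 2: hash the candidate password with the same salt and parameters.
    $actual = hash_pbkdf2($algo, $password, $salt, (int)$iterations, strlen($expected), true);
    // Step 3: compare in constant time so timing does not leak a partial match.
    return hash_equals($expected, $actual);
}

// Constructed sample input.
$stored = create_hash('correct horse battery staple');
var_dump(validate_password('correct horse battery staple', $stored));
var_dump(validate_password('wrong guess', $stored));
var_dump(validate_password('anything', 'not-a-valid-record'));
```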
