Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
969 views
in Technique[技术] by (71.8m points)

hash - What are Salt Rounds and how are Salts stored in Bcrypt?

I'm trying to configure Bcrypt for a node app that I'm making and have several questions about salts that I hope someone here can help kindly answer.

  • What is a salt 'round'? For example, in the github docs (https://github.com/kelektiv/node.bcrypt.js/) it uses a salt round of 10. What does that mean exactly?

  • Is the salt generated by Bcrypt always the same? For example, if I am saving user's hashed passwords to a DB, is the salt that it used to hash the password the same for every password?

  • How is the salt stored? Is it secure from potential attacks?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
  1. With "salt round" they actually mean the cost factor. The cost factor controls how much time is needed to calculate a single BCrypt hash. The higher the cost factor, the more hashing rounds are done. Increasing the cost factor by 1 doubles the necessary time. The more time is necessary, the more difficult is brute-forcing.
  2. The salt is a random value, and should differ for each calculation, so the result should hardly ever be the same, even for equal passwords.
  3. The salt is usually included in the resulting hash-string in readable form. So with storing the hash-string you also store the salt. Have a look at this answer for more details.

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...