Secure password storing • • 8/13

Salting the soup

By salting we understand the addition of a random character string to the password, before calculating the hash-value. A salt should contain at least 20 characters.

$hash = SHA256($password + "k32duem01vZsQ2lB8g0s");

Of course, now we have to store the salt together with the hash-value in the database, so we can use the same salt to verify a login. The salt is not a secret, and can be stored plaintext in the database.