Skip to main content

Store salt values separately

Requirement#

The salt values used during the password hashing process must be stored separately from the hashed passwords.

Description#

Adding random salt to a password as part of the hashing process drastically increases the time required to crack that password. Salt values should be stored in a system different from the one in which hashed passwords are stored so that if the hashes are breached, an attacker still has to test every possible salt value in order to crack a single password.

References#