Where should salt hash values come from

hashingSecurity

When adding salt values to a hash value for something like a password that cannot be stored in plain text, what is the best place to get the salt values come from? For context, let us suppose this is for passwords on a webpage login.

Best Answer

I usually have a column created TIMESTAMP in a user table so I can see when the user registered. I don't like to add an additional column for Salt, so I use the timestamp column as salt:

SHA1(password + created)

Best Answer

Related Solutions

Security – How to Implement a Safe Password History

Related Topic