I am learning about hashing and encryption and can’t seem to understand this:
Client: New user logs in => Creates password => Sent to a server in plain text
Server: Server generates a random "salt" => plain text and salt are unified => Hash function (e.g. SHA-3) hashes the password+salt into a hash => Hash is stored in DB.
Client: Same user logs out and logs in => Password sent to a server in plain text.
Server: Password needs to re-add the same salt it generated when creating the account to get the same hash.
How does the server generate that same random and unique salt?
Read more here: https://stackoverflow.com/questions/66278015/how-to-re-add-unique-salt-when-user-logs-in
Content Attribution
This content was originally published by Walter Monecke at Recent Questions - Stack Overflow, and is syndicated here via their RSS feed. You can read the original post over there.
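
An added example, not part of the original post or its author's code, showing the usual resolution of the question above: the server never regenerates the salt, it stores the salt next to the hash at registration and reads it back at login. It assumes an in-memory dict in place of the database and swaps PBKDF2-HMAC-SHA256 in for the bare SHA-3 call; `register`, `verify`, the record format and the iteration count are choices made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune for your hardware


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # PBKDF2-HMAC-SHA256 is swapped in for the single SHA-3 call in the question:
    # a deliberately slow KDF makes offline guessing of a leaked table costlier.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(db: dict, username: str, password: str) -> None:
    salt = os.urandom(16)  # random and unique per user, generated exactly once
    digest = _derive(password, salt, ITERATIONS)
    # The salt is not a secret: it is stored in the same record as the hash.
    db[username] = f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(db: dict, username: str, password: str) -> bool:
    record = db.get(username)
    if record is None:
        return False
    _scheme, iterations, salt_hex, digest_hex = record.split("$")
    # Nothing is regenerated at login: the stored salt is read back and reused.
    candidate = _derive(password, bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    users = {}  # stands in for the database table (constructed sample data)
    register(users, "alice", "correct horse")
    register(users, "bob", "correct horse")  # same password, different salt
    print(users["alice"])
    print(users["bob"])
    print(verify(users, "alice", "correct horse"))
    print(verify(users, "alice", "wrong"))
```

Because each record carries its own salt, two users with the same password end up with different stored hashes, and the iteration count kept in the record lets the work factor be raised later without breaking existing logins.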