This is an idiotic question, but... If password hashes are generated by: f(x) = crypt(password + salt), where "+" is concatenation, and only f(x) is stored, how is a server able to verify a user logging in when the salt always changes?
Yeah, I didn't think this question through... I was looking at the output of Dovecot's password gen and got confused why the same password generated different hashes. Didn't occur to me that the salt was prepended onto the hash.
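An added example, not part of the original tweets and not Dovecot's code: it shows why a per-password random salt does not break login, because the salt is stored in the same string as the digest and read back at verification time. The `$pbkdf2-sha256$...` record layout, the iteration count and the function names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example


def hash_password(password, salt=None):
    """Return '$pbkdf2-sha256$<iterations>$<salt>$<digest>' (constructed layout)."""
    if salt is None:
        salt = os.urandom(16)  # fresh salt per call: same password, different output
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$pbkdf2-sha256${}${}${}".format(
        ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_password(password, stored):
    """Re-derive the digest using the salt read back from the stored string."""
    try:
        _, scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        if scheme != "pbkdf2-sha256":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations)
        )
    except ValueError:
        return False  # malformed record: wrong field count, bad base64, bad count
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    first = hash_password("hunter2")   # constructed sample password
    second = hash_password("hunter2")
    print(first)
    print(second)  # differs from the first line: different random salt
    print(verify_password("hunter2", first), verify_password("hunter2", second))
    print(verify_password("wrong", first))
```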