PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

Properly Salting Passwords, The Case Against Pepper

Note: This article was originally published at Planet PHP on 18 April 2012.
Planet PHP
The other day I announced the release of my new password hashing library, PasswordLib. As I've come to expect, Reddit was full of interesting commentary on the topic. Some was good, some was bad and some surprised me. What surprised me was the insistence on a global salt (otherwise known as a "pepper"). So, I started thinking about it some more, and I figured I'd write a post on why I don't use peppers in my hashing algorithms (and why you may want to rethink it too).Read more A