Comments on: Common Password Salting

By: Marty Combs

Marty Combs — Wed, 07 Nov 2007 01:26:56 +0000

This is sometimes tricky to implement as password requirements can vary drastically from site to site. One site may not allow anything outside alphanumeric characters while another requires some form of punctuation. I have even come across some that want either a maximum number of characters or an exact number of characters in length (sad but true).

By: Atul M. Kulkarni

Atul M. Kulkarni — Tue, 05 Jun 2007 08:52:14 +0000

This is very useful information for any web user, it is very safe and secure to use these tricks for user names and passwords. Definitely it will help to keep u r accounts safe and secure.

By: Al Sutton

Al Sutton — Thu, 14 Sep 2006 06:33:09 +0000

The problem of loosing the database is a good point, but when you’re working in companies where any one of a number of techies could change the password then you get into trouble because your salting method will be different from the next guys, and that’s where problems start.

I’ve been working on a multi-user web based password safe which means theres only one database to backup/replicate for all of the IT department, and from the number of companies purchasing it I’d guess it’s the way things will go.

btw, if you’re interested the product is at http://www.argosytelcrest.com/eps.html

By: Koda

Koda — Mon, 20 Feb 2006 06:13:13 +0000

Internet Smarts: Password Salting…

Do you use salted passwords? Or are you currently asking yourself if you have heard the term before?
If so, do yourself (and your identity) a favor and take a look at SteveX’s “Common Password Salting,” a nice, succinct writeup on …

By: Chromakode

Chromakode — Mon, 20 Feb 2006 05:58:19 +0000

Well written and very good advice. I was not aware of the emergent problem of such password-abusing social networking sites, though the trick has been around for a long time! Salting is an excellent security practice, and really should become a part of common Internet safety. You give a good suggestion to choose letters at certain indexes, though I would suggest going a bit further, with more (4-5) unique letters in the password. That way, if one guesses the use of a salt, they will have a much harder time at cracking it. Nice post, I’ll be linking to it in my own blog. :)

By: stevex

stevex — Sun, 19 Feb 2006 13:47:47 +0000

The reason I don’t like programs like that is if I lose my password database, I’ve lost access to everything. Plus, it means that all your passwords are stored on your computer, so if someone breaks into your network (or steals your computer), you’re completely vulnerable. With this sort of salting algorithm, the password is in my head, yet it’s still unique for every site.

By: George V. Reilly

George V. Reilly — Sun, 19 Feb 2006 04:09:31 +0000

Good advice.

What I do, however, is to use a password manager program, which generates distinct strong passwords for each website and remembers them for me. I like KeePass, http://keepass.sf.net, but there are a number of such programs out there.