A salt is only meant as a way to render using a rainbow table pointless and knowing it does not give you any advantage.
A typical user should not be able to see a command argument, if they can they are likely to find a way to also see environmental variables.
My point being, you can hide it from some users but you can't hide it from everyone because it's something your code needs to know and it's considered safe to store in plain text along the hash.
> A salt is only meant as a way to render using a rainbow table pointless and knowing it does not give you any advantage.
Well as I've said above:
> Sure, the salt isn't secret, but why "spreading" it unnecessarily?
> A typical user should not be able to see a command argument, if they can they are likely to find a way to also see environmental variables.
At least under standard Linux distros, all process arguments are always visible to any other users.
> My point being, you can hide it from some users but you can't hide it from everyone because it's something your code needs to know and it's considered safe to store in plain text along the hash.
Well, you can't hide it from root or similar privileged users... but from any other normal users. But again, as said, this would be just a minor improvement because, as said, the salt isn't expected to be secret.
But this project seems abandoned anyway... so any discussion is rather pointless.
Hey.
It would be nice if the salt could alternatively be obtained from something other than a command argument (which is typically visible to any user).
Sure, the salt isn't secret, but why "spreading" it unnecessarily?
One could use a configurable environment variable and/or the 2nd line of standard input.
Thanks,
Chris.
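
The lookup order proposed in this issue, sketched as an added example (not code from this project): the salt is taken from a configurable environment variable, then from the 2nd line of standard input, and only then from the command argument. The names `resolve_salt`, `proc_file_modes` and `APP_SALT` are hypothetical, and it is an assumption that the 1st line of standard input carries the password.

```python
import io
import os
import stat


def resolve_salt(stdin, environ, argv_salt=None, env_name="APP_SALT"):
    """Return (password, salt, source).

    Assumption: line 1 of stdin is the password. The salt is looked up in
    order: environment variable `env_name`, line 2 of stdin, command argument.
    """
    password = stdin.readline().rstrip("\n")
    env_salt = environ.get(env_name)
    if env_salt:                      # unset or empty falls through
        return password, env_salt, "env"
    stdin_salt = stdin.readline().rstrip("\n")
    if stdin_salt:                    # EOF or blank line falls through
        return password, stdin_salt, "stdin"
    if argv_salt is not None:
        return password, argv_salt, "argv"
    raise ValueError("no salt supplied via environment, stdin or argument")


def proc_file_modes(pid):
    """Linux only: permission bits of the two procfs files that expose a
    process's arguments and environment. Returns None if procfs is absent."""
    modes = {}
    for name in ("cmdline", "environ"):
        try:
            modes[name] = stat.S_IMODE(os.stat(f"/proc/{pid}/{name}").st_mode)
        except OSError:
            return None
    return modes


if __name__ == "__main__":
    # Constructed sample input: password on line 1, salt on line 2.
    sample = io.StringIO("example-password\nsalt-from-stdin\n")
    print(resolve_salt(sample, {}, argv_salt="salt-from-argv"))
    modes = proc_file_modes(os.getpid())
    if modes:
        # Compare the "other" read bit on cmdline with the mode of environ.
        print({name: oct(mode) for name, mode in modes.items()})
```

Run on Linux, the second line of output shows the file modes behind the point made in the replies about which users can read arguments versus environment variables.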