Optimal password salt length
Posted
by Juliusz Gonera
on Stack Overflow
See other posts from Stack Overflow
or by Juliusz Gonera
Published on 2010-06-12T13:41:16Z
Indexed on
2010/06/12
13:42 UTC
Read the original article
Hit count: 302
I tried to find the answer to this question on Stack Overflow without any success.
Let's say I store passwords using SHA-1 hash (so it's 160 bits) and let's assume that SHA-1 is enough for my application. How long should be the salt used to generated password's hash?
The only answer I found was that there's no point in making it longer than the hash itself (160 bits in this case) which sounds logical, but should I make it that long? E.g. Ubuntu uses 8-byte salt with SHA-512 (I guess), so would 8 bytes be enough for SHA-1 too or maybe it would be too much?
© Stack Overflow or respective owner