B4J Question [MySQL] Salt length and Hash comparison methods

Cableguy

Expert
Licensed User
Longtime User
Hi guys...

So, back to this subject, i have 2 questions that I think are of some pertinence...

1- Given a variable length password, how long should the salt be? equal to the password lenght? fixed size? Random Size?
2-How can I check the hash against the user entered value (after retrieving the salt, and processing the hash) Without actually retrieving it from the remote database?
(I guess using a SELECT hash FROM table WHERE e-mail=value?)

Thanks for all input
 
Sort by date Sort by votes

Erel

B4X founder
Staff member
Licensed User
Longtime User
There is an example of login system in the online examples: https://www.b4x.com/android/forum/threads/webapp-web-apps-overview.39811/
The relevant code is in the DB module.

1. The salt length is not related to the password length.
2. You don't need to use the salt locally. You need to send the password or a hash of the password to the server and calculate the hash of both password and the salt on the server.

Note that the salt is not considered a secret value.
 
Upvote 0
You must log in or register to reply here.

Similar Threads

  • Question
B4J Question MySQL experts, come !!
2
Replies
26
Views
4K
LucaMs
C
  • Question
B4J Question Password SHA512 hash and salt
Replies
2
Views
3K
mindful
M
  • Question
B4J Question [RDC] retrieving a byte array (Salt) from the DB and "seeing" it
Replies
7
Views
1K
Cableguy
M
  • Article
B4J Code Snippet Password SHA512 hash and salt
Replies
0
Views
3K
mindful
M
S
  • Question
B4J Question Password Hashing
Replies
3
Views
2K
Squiffy
S
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…