Pete Winter

PHP - Should Salt be stored in a database or code?

I am setting up password encryption using PHP blowfish.

The tutorial I am following suggests having individual user-generated salts stored in the database instead of a single salt in the PHP code. I understand that individual salts for each user are good, but doesn't that mean that if a hacker got access to the database they would have access to both the hashed salt and hashed password? Isn't it safer to separate them? I have looked at WordPress code and they seem to have the salt in the PHP wp-config.php file, unless I have missed something?

Which is better?

Last Comment
Ray Paseur

8/22/2022 - Mon