If you believe 1 is enough then +1 for me
Actually as it's only salt, I think it's ok
Jacques
From: "Adam Heath" <doo...@brainfood.com>
On 04/24/2012 07:49 AM, Paul Foxworthy wrote:
Hi Adam,
Maybe I'm missing something, but if the salt is a random length and might be
0 characters, doesn't that mean that some passwords, randomly, won't get the
benefit of a salt? Why not make the salt a fixed length, or a random length
with a reasonable minimum?
The key is that if you continuously set the *same* password value, you
will get *different* crypted output. With no salt, the same output
will happen. Maybe I could have a minimum length of 1. The main
thing, however, is to make it more complex for crackers to use a
dictionary attack.
As for having a fixed or random length, it allows for having a few
more bits of randomness as part of the salt.
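
Added example, not part of the original messages or the project's code: it compares the three salt-length policies raised in this thread (random length from 0, random length with a minimum of 1, fixed length). The 62-symbol alphabet, the maximum length of 8, SHA-256 as the hash and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
import string
from fractions import Fraction

# Assumptions: 62-symbol salt alphabet, maximum salt length 8, SHA-256 as a stand-in hash.
ALPHABET = string.ascii_letters + string.digits
MAX_LEN = 8

def make_salt(min_len, max_len):
    """Random salt whose length is drawn uniformly from [min_len, max_len]."""
    length = min_len + secrets.randbelow(max_len - min_len + 1)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def crypt_password(password, salt):
    """Store as salt$hexdigest so the salt can be reused at verification time."""
    digest = hashlib.sha256((salt + password).encode("utf-8")).hexdigest()
    return salt + "$" + digest

def unsalted_fraction(min_len, max_len):
    """Share of stored passwords that receive an empty salt."""
    return Fraction(1, max_len - min_len + 1) if min_len == 0 else Fraction(0)

def same_output_probability(min_len, max_len, symbols=len(ALPHABET)):
    """Exact chance that setting the same password twice yields the same output,
    which happens when both salts have the same length and the same characters."""
    n = max_len - min_len + 1
    return sum(Fraction(1, n * n * symbols ** k) for k in range(min_len, max_len + 1))

if __name__ == "__main__":
    policies = {"random 0..8": (0, MAX_LEN), "random 1..8": (1, MAX_LEN),
                "fixed 8": (MAX_LEN, MAX_LEN)}
    for name, (lo, hi) in policies.items():
        # The password below is a constructed sample value.
        sample = crypt_password("constructed-password", make_salt(lo, hi))
        print(f"{name:12} unsalted={float(unsalted_fraction(lo, hi)):.3f} "
              f"same-output={float(same_output_probability(lo, hi)):.3e} "
              f"sample={sample[:24]}...")
```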