[WEB SECURITY] Salt Storage - web.config or database?

Brian Eaton eaton.lists at gmail.com
Fri Jun 2 09:55:11 EDT 2006


On 6/1/06, Marc-André Laverdière <ma_laver at ciise.concordia.ca> wrote:
> P.S. Make sure that you use a cryptographically strong random number
> generator. .NET should normally be having one of those

Does a salt actually need to be generated using a strong RNG?

Why?

- Brian

----------------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list