B4J Question [MySQL] Salt length and Hash comparison methods

Cableguy

Hi guys...

So, back to this subject, I have 2 questions that I think are of some pertinence...

1- Given a variable length password, how long should the salt be? Equal to the password length? Fixed size? Random size?
2- How can I check the hash against the user entered value (after retrieving the salt, and processing the hash) without actually retrieving it from the remote database?
(I guess using a SELECT hash FROM table WHERE e-mail=value?)

Thanks for all input
 

Erel

There is an example of a login system in the online examples: https://www.b4x.com/android/forum/threads/webapp-web-apps-overview.39811/
The relevant code is in the DB module.

1. The salt length is not related to the password length.
2. You don't need to use the salt locally. You need to send the password or a hash of the password to the server and calculate the hash of both password and the salt on the server.

Note that the salt is not considered a secret value.
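
Added example, not part of the thread and not the code from the linked B4J DB module: a Python sketch of the server-side check described in the answer above, with a fixed-size random salt stored next to the hash and the comparison done on the server. Assumptions: PBKDF2-HMAC-SHA256 as the hash (the thread names no algorithm), a 16-byte salt, an in-memory SQLite table standing in for the remote MySQL database, and hypothetical table, column and function names.

```python
import hashlib
import hmac
import os
import sqlite3

SALT_BYTES = 16        # assumed fixed size; does not depend on the password length
ITERATIONS = 100_000   # assumed PBKDF2 work factor

def hash_password(password: str, salt: bytes) -> bytes:
    # Hash of password and salt together, computed on the server only.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def open_db() -> sqlite3.Connection:
    # In-memory SQLite stands in for the remote MySQL database (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, hash BLOB)")
    return db

def register(db: sqlite3.Connection, email: str, password: str) -> None:
    # A fresh random salt per user; it is stored in the clear beside the hash.
    salt = os.urandom(SALT_BYTES)
    db.execute("INSERT INTO users (email, salt, hash) VALUES (?, ?, ?)",
               (email, salt, hash_password(password, salt)))

def verify_login(db: sqlite3.Connection, email: str, password: str) -> bool:
    # Parameterized lookup by e-mail; salt and hash never leave the server.
    row = db.execute("SELECT salt, hash FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        # Unknown account: do the same amount of work, then reject.
        hash_password(password, b"\x00" * SALT_BYTES)
        return False
    salt, stored = row
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(hash_password(password, salt), stored)

if __name__ == "__main__":
    db = open_db()
    register(db, "alice@example.test", "correct horse")   # constructed sample data
    print(verify_login(db, "alice@example.test", "correct horse"))
    print(verify_login(db, "alice@example.test", "wrong guess"))
```

The client only receives the boolean result; the SELECT runs inside the server process, so the stored hash is never sent to the application that collected the password.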
 