B4J Question [MySQL] Salt length and Hash comparison methods

Cableguy

Cableguy

Expert
Licensed User
Longtime User
Hi guys...

So, back to this subject, i have 2 questions that I think are of some pertinence...

1- Given a variable length password, how long should the salt be? equal to the password lenght? fixed size? Random Size?
2-How can I check the hash against the user entered value (after retrieving the salt, and processing the hash) Without actually retrieving it from the remote database?
(I guess using a SELECT hash FROM table WHERE e-mail=value?)

Thanks for all input
 
Sort by date Sort by votes
Erel

Erel

B4X founder
Staff member
Licensed User
Longtime User
There is an example of login system in the online examples: https://www.b4x.com/android/forum/threads/webapp-web-apps-overview.39811/
The relevant code is in the DB module.

1. The salt length is not related to the password length.
2. You don't need to use the salt locally. You need to send the password or a hash of the password to the server and calculate the hash of both password and the salt on the server.

Note that the salt is not considered a secret value.
 
Upvote 0
You must log in or register to reply here.

Similar Threads

KMatle
  • Article
B4J Code Snippet [B4x] AES-256 encryption with salt and iv (works with all platforms like php, .net, etc.)
Replies
9
Views
10K
Hamied Abou Hulaikah
H
DonManfred
  • Article
B4J Library BCrypt - Create salted Hashes (compatible with PHP)
Replies
0
Views
3K
DonManfred
DonManfred
Cableguy
  • Question
B4J Question [RDC] retrieving a byte array (Salt) from the DB and "seeing" it
Replies
7
Views
1K
Cableguy
Cableguy
M
  • Article
B4J Code Snippet Password SHA512 hash and salt
Replies
0
Views
2K
mindful
M
Douglas Farias
  • Question
B4J Question string to sha256 + salt
Replies
1
Views
3K
Douglas Farias
Douglas Farias
Top