I'm using the golang.org/x/crypto/bcrypt package for storing passwords. Looking at documentation and other SO questions, it seems like I'm not supposed to (or at least don't have to) generate a salt for the password before I generate the hash. This seems counter to everything that I've read about cryptography and modern password storing, and makes me a bit nervous. Is it really secure enough to just pass the user's normal password into bcrypt.GenerateFromPassword
, or am I reading things wrong?
真的不需要为bcrypt生成盐吗?
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
- 邀请回答
-
1条回答 默认 最新
- duangou1868 2016-04-07 22:05关注
The bcrypt package generates the salt for the application. The return value from GenerateFromPassword encodes the cost, salt and hash of the password.
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报
悬赏问题
- ¥15 关于#matlab#的问题:期望的系统闭环传递函数为G(s)=wn^2/s^2+2¢wn+wn^2阻尼系数¢=0.707,使系统具有较小的超调量
- ¥15 FLUENT如何实现在堆积颗粒的上表面加载高斯热源
- ¥30 截图中的mathematics程序转换成matlab
- ¥15 动力学代码报错,维度不匹配
- ¥15 Power query添加列问题
- ¥50 Kubernetes&Fission&Eleasticsearch
- ¥15 報錯:Person is not mapped,如何解決?
- ¥15 c++头文件不能识别CDialog
- ¥15 Excel发现不可读取的内容
- ¥15 关于#stm32#的问题:CANOpen的PDO同步传输问题