Reply to post: Salt free

Clock blocker: Woman sues bosses over fingerprint clock-in tech

Kevin McMurtrie Silver badge

Salt free

You can't salt a single component that performs both identification and authentication. The salt has to be exactly reproducible for each person or the final hash can't be matched to anything. This is why the world is based on at least two components of authentication. The first component is your public ID, and that is used to retrieve a secret salt value and hashed verification from a database. The second component is your secret verification, which is hashed with the salt then compared against the stored value. This can't work when you're trying to identify and authenticate with just a fingerprint.

All salt does is prevent bulk hash reversal. Hashes can still sometimes be reversed, but the process must be repeated for each unique salting value.
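The two-component flow described in the comment above, as an added example that is not part of the original post: the public ID selects the stored salt, and the secret is hashed with that salt and compared. The function names, the PBKDF2 work factor and the sample users are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch
FIXED_SALT = b"\x00" * 16  # one salt shared by everyone behaves like no salt


def _digest(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)


def enroll(db: dict, public_id: str, secret: bytes) -> None:
    """Store a fresh random salt and the salted hash under the public ID."""
    salt = os.urandom(16)
    db[public_id] = (salt, _digest(secret, salt))


def verify(db: dict, public_id: str, secret: bytes) -> bool:
    """Component 1 (public ID) retrieves the salt; component 2 (secret) is checked."""
    record = db.get(public_id)
    if record is None:
        # Unknown ID: still hash once so timing does not reveal which IDs exist.
        _digest(secret, FIXED_SALT)
        return False
    salt, stored = record
    return hmac.compare_digest(stored, _digest(secret, salt))


def shared_hash_groups(db: dict) -> int:
    """Count stored hashes that appear under more than one ID.
    Each such hash, once reversed, would cover several accounts at once."""
    seen = {}
    for _salt, stored in db.values():
        seen[stored] = seen.get(stored, 0) + 1
    return sum(1 for n in seen.values() if n > 1)


# Constructed sample data: two users who happen to pick the same secret.
salted_db = {}
enroll(salted_db, "alice", b"correct horse")
enroll(salted_db, "bob", b"correct horse")

# The same two users stored under one fixed salt, for comparison.
unsalted_db = {uid: (FIXED_SALT, _digest(b"correct horse", FIXED_SALT))
               for uid in ("alice", "bob")}

if __name__ == "__main__":
    print(verify(salted_db, "alice", b"correct horse"))
    print(shared_hash_groups(salted_db), shared_hash_groups(unsalted_db))
```

`verify` cannot run without `public_id`, because that is the only thing that tells it which salt to use.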
