[Catalyst] Security issue with hashed passwords in C:P:A:Password
lists at evancarroll.com
Tue Mar 23 20:17:17 GMT 2010
The purpose of salt is to reduce the ability for a single (pre-calculated)
rainbow table of passwords and hashes to compromise the whole store. If
your salt isn't a random function, or specific to the user, there is no
benefit in the salt...

This is a broken implementation. Hard coding salt in a config file only
protects you from a rainbow table without that salt. It still doesn't
solve the problem of cached hashings.
System Lord of the Internets
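
Added example (not part of the original message and not Catalyst code): a Python comparison of the hard-coded config salt criticized above with a random per-user salt. The salted SHA-256 scheme, the salt value, the account names and the function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

CONFIG_SALT = b"constructed-site-wide-salt"  # hypothetical hard-coded value

# Constructed sample accounts; alice and carol chose the same password.
USERS = {"alice": "sunshine1", "bob": "tr0ub4dor", "carol": "sunshine1"}


def digest(salt: bytes, password: str) -> str:
    # Plain salted SHA-256, an assumption made to keep the comparison short.
    return hashlib.sha256(salt + password.encode()).hexdigest()


def store_with_config_salt(users):
    # Every row uses the same salt, so the salt adds nothing per user.
    return {u: (CONFIG_SALT, digest(CONFIG_SALT, p)) for u, p in users.items()}


def store_with_user_salt(users):
    # Fresh 16 random bytes per account, stored beside the digest.
    rows = {}
    for user, password in users.items():
        salt = os.urandom(16)
        rows[user] = (salt, digest(salt, password))
    return rows


def accounts_sharing_a_digest(store):
    # Groups of accounts whose stored digests are identical.
    groups = defaultdict(list)
    for user, (_salt, stored) in store.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def tables_needed(store):
    # A precomputed table is tied to one salt, so count the distinct salts.
    return len({salt for salt, _stored in store.values()})


def verify(store, user, password):
    # Recompute with the row's own salt and compare in constant time.
    salt, stored = store[user]
    return hmac.compare_digest(digest(salt, password), stored)
```

With the config salt, `accounts_sharing_a_digest` reports alice and carol together and `tables_needed` is 1 for the whole store; with per-user salts no digests match and each account needs its own table.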