8👍
Why django uses ‘random’ salt beside ‘one’ salt string?
Because if you would have one salt you could generate rainbow tables for your database easier than when there are random salts.
If you would like to generate rainbow tables to decrypt django hashes you would have to generate tables for each different salt in database. Generating of rainbow tables take very long time, it’s just brute force or dictionary attack.
Why django stores it in same column with password hash?
I don’t know what are you specifically asking about but there are probably 2 answers.
-It’s stored because someone designed it that way. It could be on salt field and it wouldn’t matter.
-When user send password via form django join salt to string and than calculate sha1 and check if it match the one in db.
4👍
The random salt prevents using a rainbow table to quickly decrypt all passwords in the table. Instead they have to do each one separately.
- [Django]-Setting up Django website on a shared hosting
- [Django]-Python: how to use variables as a string?
- [Django]-Django slug field in Arabic and other foreign languages
1👍
The practice of salting a password is intended to make it more difficult for an attacker to brute-force crack the passwords you’ve stored. More info.