DEV Community

Discussion on: Do password rules impact security?

Anton Frattaroli

I wonder what a cost/benefit would look like for keeping salts in a separate database from the hashes. Would be helpful to know more about the specifics of large intrusions.

Pert Soomann

I don't know that much about cryptography to really make a valid argument either way.

I imagine in some ways you will have a lot more to worry about with race conditions where one DB is in sync, the other isn't.