Is scrypt even implemented without a salt? If not, then it doesn't matter. And i... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ademarre on April 1, 2015 \| parent \| context \| favorite \| on: Enough with the Salts: Updates on Secure Password ... Is scrypt even implemented without a salt? If not, then it doesn't matter. And if so, why?

emn13 on April 2, 2015 [–]

Good point - it is implemented with a salt! However, the way that's done depends on the implemetation. The underlying KDF doesn't require nor generate a salt, so if you're implementing it client side, you'd need to ensure salting works.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact