Should a password salt be stored in a database

I am trying to understand where to store password salts. None of the questions here help me understand where to store them. Should it be saved into the database as an extra column per user, or should it be saved somewhere else? I’m asking this because if the user is performing a login, then my program needs to know the correct password, and the salt is a random value.

“saved into the database as an extra column per user” will do

Password salts are like unique keys for each user’s password stored in a super secure vault—your database. They mix in with the password before hashing, adding an extra layer of protection, like sprinkling magic dust on something valuable. These salts are right there in the database, sitting next to the hashed passwords, so when a user logs in, the system grabs this special key, combines it with the entered password, and then checks if they match the stored password. But here’s the deal: that database needs to be a fortress, like, superhero-level security, to keep these keys safe. Just think of salts as personalized bodyguards for your passwords, making it tough for sneaky hackers to crack ’em. They’re not secrets, they’re just unique bodyguards doing their job.
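The "extra column per user" layout described in the answers, as an added example that is not part of the original question or answers. The table and column names, the choice of PBKDF2-HMAC-SHA256, and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumed parameters for this example (not taken from the page).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16

def open_db():
    """In-memory database with the salt stored beside the hash, one row per user."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        " username TEXT PRIMARY KEY,"
        " salt BLOB NOT NULL,"
        " pw_hash BLOB NOT NULL)"
    )
    return db

def _derive(password, salt):
    # Slow, salted derivation; the salt is mixed in before hashing.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

def register(db, username, password):
    # A fresh random salt per user, generated once and saved in its own column.
    salt = os.urandom(SALT_BYTES)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (username, salt, _derive(password, salt)))

def login(db, username, password):
    # Fetch this user's salt and hash, recompute with the entered password, compare.
    row = db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(_derive(password, salt), stored)

def record(db, username):
    """Return (salt, pw_hash) as stored, to show what the row contains."""
    return db.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()

if __name__ == "__main__":
    db = open_db()
    register(db, "alice", "correct horse")
    print(login(db, "alice", "correct horse"), login(db, "alice", "wrong"))
```

Two users who pick the same password end up with different salts and therefore different stored hashes, which is the property the per-user salt column provides.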
