• Resolved zanex87

    (@zanex87)


    Hi,

    I have been experimenting with this plugin for the past few hours. Every password that I have set and checked the hash in my database on the web server is possible to be reverse engineered without the salt strings. I simply put it in John the Ripper and with a dictionary attack it picks out the password from a wide list with the plugin enabled. I assumed with the hash that because the hash is different compared to the original password that pentesting tools wouldn’t be able to crack it.

    Does this plugin only salt the password in cookies or does it also add a salt to the stored hash too?

    Kind regards,
    Alex

Viewing 1 replies (of 1 total)
  • Plugin Author Nagdy

    (@nagdy)

    Hi Alex,

    First off, thank you for reaching out and for experimenting with the Salt Shaker plugin.

    Salt Shaker enhances security by regularly changing the WordPress security keys and salts defined in the wp-config.php file.

    Regarding your question, Salt Shaker primarily impacts the security keys and salts for cookies, not the password hashing mechanism used by WordPress for storing user passwords in the database.

    I hope this clarifies the role of Salt Shaker in your site’s security strategy. If you have any further questions or need assistance, please don’t hesitate to reach out.

  • The topic ‘Salt only in cookies or in database too’ is closed to new replies.
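
The distinction drawn in the reply above, as an added example that is not part of the thread or of the plugin's code: a simplified Python model in which the wp-config.php keys and salts sign the login cookie while the stored password hash carries its own per-hash salt. Assumptions: the cookie layout is modelled on WordPress's auth cookie, the PBKDF2 hash is a stand-in for WordPress's real password hashing, and every key, user name and password is constructed.

```python
import hashlib
import hmac
import os

def hash_password(password, salt=None):
    # Stand-in for the stored hash: the random salt lives inside the hash
    # string in the database, not in wp-config.php.
    salt = salt or os.urandom(8).hex()
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)
    return f"$model${salt}${digest.hex()}"

def check_password(password, stored):
    # Verification needs only the password and the stored string.
    salt = stored.split("$")[2]
    return hmac.compare_digest(hash_password(password, salt), stored)

def auth_cookie(config, user, stored, expiration, token):
    # Cookie MAC keyed with AUTH_KEY + AUTH_SALT from the config (model).
    secret = (config["AUTH_KEY"] + config["AUTH_SALT"]).encode()
    frag = stored[8:12]  # small fragment of the stored hash bound into the key
    key = hmac.new(secret, f"{user}|{frag}|{expiration}|{token}".encode(),
                   hashlib.md5).hexdigest()
    mac = hmac.new(key.encode(), f"{user}|{expiration}|{token}".encode(),
                   hashlib.sha256).hexdigest()
    return f"{user}|{expiration}|{token}|{mac}"

def cookie_valid(config, cookie, stored):
    user, expiration, token, _ = cookie.split("|")
    expected = auth_cookie(config, user, stored, expiration, token)
    return hmac.compare_digest(expected, cookie)

def rotate(config):
    # What a salt-rotation plugin changes: the config constants only.
    return {name: os.urandom(32).hex() for name in config}

def demo():
    config = {"AUTH_KEY": "constructed-key", "AUTH_SALT": "constructed-salt"}
    password = "constructed-passphrase"
    stored = hash_password(password)  # database value, untouched by rotation
    cookie = auth_cookie(config, "editor_user", stored, 1900000000, "tok123")
    rotated = rotate(config)
    return {
        "cookie_valid_before": cookie_valid(config, cookie, stored),
        "cookie_valid_after": cookie_valid(rotated, cookie, stored),
        "password_ok_after": check_password(password, stored),
    }

if __name__ == "__main__":
    print(demo())
```

Rotation invalidates existing login cookies, but `check_password` never reads the config, so resistance of a leaked database hash to offline guessing depends on the password's strength and the hashing algorithm, not on the wp-config.php salts.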