Question on hashing and salt.
So in the video Kenneth describes the use of a salt to differentiate between accounts happening to use the same hashed password. In particular he cites an example of the account creation time being used as the salt as a possible unique identifier.
This makes sense so far, but, if I enter my password to log into say Amazon, or even here, I enter just that: a password (and email). I certainly wouldn't enter the time I signed up for the account, so the password that is entered by me and sent to Amazon's servers (and hashed by the site to then look up against its database) wouldn't match up with the combined hashed password & salt, right? Would the website not just utilise the email address as the salt?
Or am I overthinking an example just presented for purposes of explaining the principles of hashing?
When you log into a website you also enter a unique user name along with a password. That user name can be used to look up both your hashed password and the salt in the database. See the answer here on storing salt in a database.
You wouldn't be entering the salt. If a clock were used, the SQL in the database can read the server clock.
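
The lookup described in the answers above, as an added example that is not part of the original thread or the course: the server reads the stored salt by email at login, so the user only ever types the password. It assumes a random salt from `os.urandom` and PBKDF2 from `hashlib` rather than the creation-time salt from the video; the `USERS` dict, the function names and the iteration count are hypothetical stand-ins.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a users table: email -> (salt, password_hash).
USERS = {}

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def _derive(password: str, salt: bytes) -> bytes:
    """Hash the password together with the per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(email: str, password: str) -> None:
    """Create the account: pick a random salt once and store it beside the hash."""
    salt = os.urandom(16)
    USERS[email] = (salt, _derive(password, salt))


def login(email: str, password: str) -> bool:
    """Look up the stored salt by email, re-hash the submitted password, compare."""
    record = USERS.get(email)
    if record is None:
        # Unknown account: do the same hashing work so timing does not reveal it.
        _derive(password, b"\x00" * 16)
        return False
    salt, stored_hash = record
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(_derive(password, salt), stored_hash)


def same_password_hashes_differ(password: str) -> bool:
    """Two accounts with the same password end up with different stored hashes."""
    register("a@example.com", password)
    register("b@example.com", password)
    return USERS["a@example.com"][1] != USERS["b@example.com"][1]
```

The salt is not secret; it only has to be unique per account and stored where the login code can read it.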