The password is salted, yes. The salt is added to the password before hashing, to ensure that the hash isn’t useable in a rainbow table attack. Because the salt is randomly generated each time you call the function, the resulting password hash is also different. The returned hash includes the generated salt so that can … Read more
The point of the salt is to be unique. The salt is meant to prevent attack cost sharing, i.e. an attacker trying to attack two hashed passwords for less than the twice the cost of attacking one. One solution to ensure uniqueness is to generate a random salt in a wide enough space. Therefore, getting … Read more
How about taking another approach or angle at this problem? Ask why the password is required to be in plaintext: if it’s so that the user can retrieve the password, then strictly speaking you don’t really need to retrieve the password they set (they don’t remember what it is anyway), you need to be able … Read more