Peppers: The Better Way

http://stackoverflow.com/questions/16891729/best-practices-salting-peppering-passwords/16896216#16896216

Quick summary: Don’t use peppers. There are a host of problems with them, and there are two better ways: not using any server-side secret (yes, it’s ok) and encrypting the output hash using a block cipher prior to storage.

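The second option in the summary above (hash first, then encrypt the hash before storage), as an added example that is not part of the original post or the linked answer. It goes one step further and shows re-encrypting a stored record under a new key without the user's password. Assumptions: scrypt as the password hash, AES-256-GCM as the block cipher mode, a 32-byte key that would come from a secrets store, and hypothetical function names.

```javascript
// Added example: the server-side key only ever touches the finished hash,
// never the password-hashing function itself.
const crypto = require('node:crypto');

// Hash the password with a per-user random salt (no server-side secret here).
function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Encrypt the hash; stored layout is iv (12 bytes) | auth tag (16) | ciphertext (32).
function seal(key, hash) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(hash), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// Decrypt a stored blob; throws if the key is wrong or the blob was modified.
function open(key, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// What gets written to the user table: the salt and the encrypted hash.
function createRecord(key, password) {
  const salt = crypto.randomBytes(16);
  return { salt, sealed: seal(key, hashPassword(password, salt)) };
}

// Decrypt the stored hash, recompute from the candidate, compare in constant time.
function verify(key, record, password) {
  let stored;
  try { stored = open(key, record.sealed); } catch { return false; }
  return crypto.timingSafeEqual(stored, hashPassword(password, record.salt));
}

// Key rotation: decrypt with the old key, encrypt with the new one.
// The password is not needed, so this can run offline over the whole table.
function rotate(oldKey, newKey, record) {
  return { salt: record.salt, sealed: seal(newKey, open(oldKey, record.sealed)) };
}
```
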