globaloptima
No user record in our sample, but globaloptima has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
No user record in our sample, but globaloptima has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
I'll answer my own question, given the attacker wouldn't know how the salt was used unless they had access to the code, it doesn't matter.
Out of interest, where where the per-user salts stored I wonder? Where would people normally store this if not next to the hashed password in the same table?