{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 倾城 Initia 的问题《Is using a 'salt' all that good?》','https://www.manongdao.com/q-740500.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I don't claim to be an expert in security but it seems to me that adding a salt doesn't really make a huge difference.
For example, if the password of the user is john1970 and the salt is 123456, this means that the password is 123456john1970, while this makes things harder for an attacker (if using a dictionary attack, e.g. rainbow tables), the attacker could very possibly guess that the first part is a salt. I find using non-standard methods (like XORing with some key or applying a few simple mathematical operations to the codes of the characters) far more effective. I know most of you won't probably agree with me but but this seems to make more sense to me.
Your opinion?
Duplicate:
"attacker could very possibly guess that the first part is a salt. "
Really? How? How do they know where the salt ends and the user-supplied password begins? What's the rule for parsing salt out of a password?
Are you saying it's "obvious" because the salt is numeric? Then use base64 salt. Now how "obvious" is it?