Under review

non permanent saved Salt (Master Key on Login)

7 years ago • updated by 7 years ago • 3

An Option to don't have the SALT permanently saved on the Server would be really great and increase Security a lot ...

One would enter a Master-Pass on Login - which is used (as part) of the SALT ...

bye from Austria

Andreas Schnederle-Wagner

Vote

Replies 3
Oldest first
- Newest first
- Oldest first

Under review

7 years ago

Not sure I have understood.

Do you mean the main SALT or the user's one?

7 years ago

I mean the MAIN SALT (or a part of it) ... imagine the Server get's compromised ... then the Hacker has access to the SALT + DATABASE ... and can decrypt all Passwords as he wants ...

This would not be possible if the Main Salt isn't saved on the Server but only in Memory in the current Session ...

7 years ago

Yes such feature is possible.

Customer support service by UserEcho