Francis, 

The hashpw function returns a hash with the salt prepended. So it contains
both elements. (See for example explanation at:
https://stackoverflow.com/questions/27413248/why-can-bcrypt-hashpw-be-used-both-for-hashing-and-verifying-passwords).
 

You can do the same thing here. Assuming you have a fixed size salt, just
prepend it before the hash value. Since the salt is (should be) random,
returning its value does not weaken the security. Using a salt protects
against rainbow table attacks: pre-generated hash values for many possible
passwords. (See https://en.wikipedia.org/wiki/Rainbow_table).

Cheers, 
Erik



--
View this message in context: 
http://forum.world.st/Validate-password-with-PBKDF2-tp4952973p4953067.html
Sent from the Pharo Smalltalk Users mailing list archive at Nabble.com.
