pepper in cryptography
tags: learning programming
content
- similar to salt, it’s added to the password
- but it’s not stored in the database
- it’s treated the same way as other secrets
- stored in a secret file, kind of like a config, or like API keys
- because it’s like a config, it’s stored on a per application basis
- normally one pepper per application, or a few variants
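
A sketch of these points as an added example (not from the original notes): the salt and hash go in the database record, while the pepper lives in application secrets and only its id is stored. Assumptions: the pepper is mixed in with HMAC-SHA256 rather than plain concatenation, PBKDF2 is the password hash, and the names `PEPPERS`, `hash_password` and `verify_password` are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample peppers. In a real deployment these are loaded from a
# secret file or secret manager, never from source code or the database.
PEPPERS = {"v1": bytes.fromhex("00" * 32), "v2": bytes.fromhex("11" * 32)}
CURRENT_PEPPER_ID = "v2"  # "a few variants": old ids stay until records are rehashed
PBKDF2_ROUNDS = 600_000


def _derive(password: str, salt: bytes, pepper: bytes) -> bytes:
    # Key the password with the pepper first, then stretch with the per-user salt.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, PBKDF2_ROUNDS)


def hash_password(password: str, peppers=PEPPERS, pepper_id=CURRENT_PEPPER_ID) -> dict:
    """Return the record that goes in the database: salt, hash, pepper id."""
    salt = os.urandom(16)
    digest = _derive(password, salt, peppers[pepper_id])
    # Only the pepper's id is stored, so old records survive a rotation.
    return {"salt": salt.hex(), "hash": digest.hex(), "pepper_id": pepper_id}


def verify_password(password: str, record: dict, peppers=PEPPERS) -> bool:
    pepper = peppers.get(record["pepper_id"])
    if pepper is None:  # pepper retired or secret file missing: fail closed
        return False
    candidate = _derive(password, bytes.fromhex(record["salt"]), pepper)
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))
```

A database dump alone yields the salt, hash and pepper id, but recomputing a candidate hash still requires the pepper value held in the application's secrets.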