A penetration tester discovered a code repository and noticed passwords were hashed before they were stored in the database with the following code:
salt = 'saltl23'
hash = hashlib.pbkdf2_hmac('sha256', plaintext, salt, 10000)
The penetration tester recommended the code be updated to the following:
salt = os.urandom(32)
hash = hashlib.pbkdf2_hmac('sha256', plaintext, salt, 10000)
Which of the following steps should the penetration tester recommend?
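Added example, not part of the original question: it runs both snippets side by side to show what the change affects. The function names and the sample password are constructed for illustration, and the salt literal is written as bytes because Python 3's hashlib.pbkdf2_hmac requires bytes for both password and salt.

```python
import hashlib
import hmac
import os

ITERATIONS = 10000  # iteration count from the question's snippets


def hash_static(plaintext):
    """Original scheme: one hard-coded salt shared by every account."""
    salt = b'saltl23'  # the question's literal, written as bytes for Python 3
    return hashlib.pbkdf2_hmac('sha256', plaintext, salt, ITERATIONS)


def hash_random(plaintext):
    """Updated scheme: a fresh 32-byte salt per password.

    The salt is returned because it must be stored beside the hash;
    without it the hash can never be recomputed for verification.
    """
    salt = os.urandom(32)
    return salt, hashlib.pbkdf2_hmac('sha256', plaintext, salt, ITERATIONS)


def verify(plaintext, salt, stored_hash):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac('sha256', plaintext, salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored_hash)


def demo():
    """Return what each scheme reveals when two users pick the same password."""
    pw = b'constructed-sample-password'  # constructed input
    salt_a, hash_a = hash_random(pw)
    salt_b, hash_b = hash_random(pw)
    return {
        'static_hashes_match': hash_static(pw) == hash_static(pw),
        'random_hashes_match': hash_a == hash_b,
        'verifies_with_own_salt': verify(pw, salt_a, hash_a),
        'verifies_with_other_salt': verify(pw, salt_b, hash_a),
    }


if __name__ == '__main__':
    for name, value in demo().items():
        print(f'{name}: {value}')
```

With the static salt, identical passwords always yield identical hashes; with a random salt they differ, and each hash verifies only against the salt stored with it.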