Do salts have to be random, or just unique and unknown?

Çağlar Arlı

First of all, my objective is to avoid storing the salt in the database as plain text. As far as this question is concerned, the salt is not stored in the database.

After discussion in comments and in chat, I've come up with a theory:

It appears that using domain_name + user ID alongside a pepper will provide a sufficient combination of randomness and uniqueness.

Would a method such as this provide just as much security as a random salt without having to store a designated salt in the database as plain text?
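
The scheme described in the question, next to a conventional stored random salt, as an added example that is not part of the original post. Combining domain_name and user ID with HMAC-SHA256 keyed by the pepper, using PBKDF2 as the password hash, and every name and value below are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample values; none of these come from the original post.
PEPPER = b"constructed-pepper-kept-outside-the-database"
DOMAIN = "example.com"
ITERATIONS = 100_000  # assumed PBKDF2 work factor


def derived_salt(domain: str, user_id: int, pepper: bytes = PEPPER) -> bytes:
    """Salt recomputed from domain_name + user ID, keyed with the pepper."""
    # Length-prefix the domain so different (domain, id) pairs cannot
    # concatenate to the same byte string.
    name = domain.encode()
    msg = len(name).to_bytes(2, "big") + name + str(user_id).encode()
    return hmac.new(pepper, msg, hashlib.sha256).digest()[:16]


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def hash_with_derived_salt(user_id: int, password: str) -> bytes:
    """Nothing but the hash is stored; the salt is recomputed at login."""
    return hash_password(password, derived_salt(DOMAIN, user_id))


def hash_with_random_salt(password: str) -> tuple[bytes, bytes]:
    """Conventional approach: fresh salt per password, stored beside the hash."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


if __name__ == "__main__":
    a = hash_with_derived_salt(1, "correct horse")
    b = hash_with_derived_salt(2, "correct horse")
    print("same password, two users, hashes differ:", a != b)
    print("same user, same password, hash repeats:",
          a == hash_with_derived_salt(1, "correct horse"))
    s1, h1 = hash_with_random_salt("correct horse")
    s2, h2 = hash_with_random_salt("correct horse")
    print("random salts differ on every set:", s1 != s2 and h1 != h2)
```

The derived salt needs no database column, but it stays the same for a given user across password changes, whereas the random salt changes each time a password is set.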