Authentication - Unique Keys And Salts
Without a salt, the same password produces the same hash for every user:

"password123" → SHA256 → "ef92b778b..." (same for all users)

With a salt, identical passwords become different:
| Attack Type | Without Salt | With Salt (unique per user) |
|-------------|--------------|-----------------------------|
| Rainbow table | Instant (lookup) | Useless – would need a table per user |
| Precomputed hash | Effective | Completely ineffective |
| Brute-force | Same cost for all users | Same cost, but cannot reuse across users |
```javascript
const crypto = require('crypto');

// Generate an API key: a 'sk_' prefix plus 32 random bytes as hex
// (64 hex characters), drawn from the OS CSPRNG.
function generateApiKey() {
  return 'sk_' + crypto.randomBytes(32).toString('hex');
}
```