How to store the username in database under GDPR?












2















This is not a duplicate of How to handle emails as usernames under GDPR? because my question is related with performance.



I have an application that I want to make comply with GDPR.



My strategy for storing personal information is to encrypt it, but I am having a hard time figuring out how to handle usernames.



I have been searching for other questions, like this one, but I can't find any with the same problem I have.



My question is related to how I should store and validate the username in the database.



The approach I was thinking of is to have three columns:




  1. username_encrypted (encryption key will be outside the database and database will not have access to it)

  2. salt

  3. username_hash: hash(username+salt)


When I want to retrieve the username in plain text, I get the username_encrypted and I decrypt it.



When I want to validate the username, for each user in database, I must Option 1:




  1. Compute the hash using the user salt (the salt is different for each user) (hash(username+salt))

  2. Compare the result of the previous point with the username_hash column


So, my question is: Is there another way to achieve the same goal without computing the hash of all users? For a smaller database this may not be a problem. But for a bigger database this can have a big impact.



If it's relevant, the database I am using is PostgreSQL.



Validate the username Option 2 (see Nosajimiki answer/comment below):




  1. Have a global salt for all users and the column username_hash is computed with the global salt

  2. Compute the hash (hash(username+global_salt))

  3. Compare the result of previous line with column username_hash






database







share|improve this question













migrated from security.stackexchange.com Nov 14 '18 at 19:55


This question came from our site for information security professionals.














  • 1





    I don't think usernames are to be encrypted by GDPR...

    – ThoriumBR
    Nov 14 '18 at 17:10











  • An username my contain personal information. It is possible to create an username with your first and last name.

    – bruno.almeida
    Nov 14 '18 at 17:12






  • 1





    @bruno.almeida True, but if you are explicit about the username being exposed, people can choose whether to provide an identifiable string, or something else - this is commonly used for display names which are distinct from usernames.

    – Matthew
    Nov 14 '18 at 17:15











  • Possible duplicate of How to handle emails as usernames under GDPR?

    – ThoriumBR
    Nov 14 '18 at 17:16











  • @Matthew, in this case only administrator choose the username. An they will choose something like first and last name. So is a requirement to protect this information in database.

    – bruno.almeida
    Nov 14 '18 at 17:22
















2















This is not a duplicate of How to handle emails as usernames under GDPR? because my question is related with performance.



I have an application that I want to make comply with GDPR.



My strategy for storing personal information is to encrypt it, but I am having a hard time figuring out how to handle usernames.



I have been searching for other questions, like this one, but I can't find any with the same problem I have.



My question is related to how I should store and validate the username in the database.



The approach I was thinking of is to have three columns:




  1. username_encrypted (encryption key will be outside the database and database will not have access to it)

  2. salt

  3. username_hash: hash(username+salt)


When I want to retrieve the username in plain text, I get the username_encrypted and I decrypt it.



When I want to validate the username, for each user in database, I must Option 1:




  1. Compute the hash using the user salt (the salt is different for each user) (hash(username+salt))

  2. Compare the result of the previous point with the username_hash column


So, my question is: Is there another way to achieve the same goal without computing the hash of all users? For a smaller database this may not be a problem. But for a bigger database this can have a big impact.



If it's relevant, the database I am using is PostgreSQL.



Validate the username Option 2 (see Nosajimiki answer/comment below):




  1. Have a global salt for all users and the column username_hash is computed with the global salt

  2. Compute the hash (hash(username+global_salt))

  3. Compare the result of previous line with column username_hash






database







share|improve this question













migrated from security.stackexchange.com Nov 14 '18 at 19:55


This question came from our site for information security professionals.














  • 1





    I don't think usernames are to be encrypted by GDPR...

    – ThoriumBR
    Nov 14 '18 at 17:10











  • An username my contain personal information. It is possible to create an username with your first and last name.

    – bruno.almeida
    Nov 14 '18 at 17:12






  • 1





    @bruno.almeida True, but if you are explicit about the username being exposed, people can choose whether to provide an identifiable string, or something else - this is commonly used for display names which are distinct from usernames.

    – Matthew
    Nov 14 '18 at 17:15











  • Possible duplicate of How to handle emails as usernames under GDPR?

    – ThoriumBR
    Nov 14 '18 at 17:16











  • @Matthew, in this case only administrator choose the username. An they will choose something like first and last name. So is a requirement to protect this information in database.

    – bruno.almeida
    Nov 14 '18 at 17:22














2












2








2








This is not a duplicate of How to handle emails as usernames under GDPR? because my question is related with performance.



I have an application that I want to make comply with GDPR.



My strategy for storing personal information is to encrypt it, but I am having a hard time figuring out how to handle usernames.



I have been searching for other questions, like this one, but I can't find any with the same problem I have.



My question is related to how I should store and validate the username in the database.



The approach I was thinking of is to have three columns:




  1. username_encrypted (encryption key will be outside the database and database will not have access to it)

  2. salt

  3. username_hash: hash(username+salt)


When I want to retrieve the username in plain text, I get the username_encrypted and I decrypt it.



When I want to validate the username, for each user in database, I must Option 1:




  1. Compute the hash using the user salt (the salt is different for each user) (hash(username+salt))

  2. Compare the result of the previous point with the username_hash column


So, my question is: Is there another way to achieve the same goal without computing the hash of all users? For a smaller database this may not be a problem. But for a bigger database this can have a big impact.



If it's relevant, the database I am using is PostgreSQL.



Validate the username Option 2 (see Nosajimiki answer/comment below):




  1. Have a global salt for all users and the column username_hash is computed with the global salt

  2. Compute the hash (hash(username+global_salt))

  3. Compare the result of previous line with column username_hash






database







share|improve this question














This is not a duplicate of How to handle emails as usernames under GDPR? because my question is related with performance.



I have an application that I want to make comply with GDPR.



My strategy for storing personal information is to encrypt it, but I am having a hard time figuring out how to handle usernames.



I have been searching for other questions, like this one, but I can't find any with the same problem I have.



My question is related to how I should store and validate the username in the database.



The approach I was thinking of is to have three columns:




  1. username_encrypted (encryption key will be outside the database and database will not have access to it)

  2. salt

  3. username_hash: hash(username+salt)


When I want to retrieve the username in plain text, I get the username_encrypted and I decrypt it.



When I want to validate the username, for each user in database, I must Option 1:




  1. Compute the hash using the user salt (the salt is different for each user) (hash(username+salt))

  2. Compare the result of the previous point with the username_hash column


So, my question is: Is there another way to achieve the same goal without computing the hash of all users? For a smaller database this may not be a problem. But for a bigger database this can have a big impact.



If it's relevant, the database I am using is PostgreSQL.



Validate the username Option 2 (see Nosajimiki answer/comment below):




  1. Have a global salt for all users and the column username_hash is computed with the global salt

  2. Compute the hash (hash(username+global_salt))

  3. Compare the result of previous line with column username_hash






database




database






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 14 '18 at 16:48









bruno.almeidabruno.almeida

1,1861120




1,1861120




migrated from security.stackexchange.com Nov 14 '18 at 19:55


This question came from our site for information security professionals.









migrated from security.stackexchange.com Nov 14 '18 at 19:55


This question came from our site for information security professionals.










  • 1





    I don't think usernames are to be encrypted by GDPR...

    – ThoriumBR
    Nov 14 '18 at 17:10











  • An username my contain personal information. It is possible to create an username with your first and last name.

    – bruno.almeida
    Nov 14 '18 at 17:12






  • 1





    @bruno.almeida True, but if you are explicit about the username being exposed, people can choose whether to provide an identifiable string, or something else - this is commonly used for display names which are distinct from usernames.

    – Matthew
    Nov 14 '18 at 17:15











  • Possible duplicate of How to handle emails as usernames under GDPR?

    – ThoriumBR
    Nov 14 '18 at 17:16











  • @Matthew, in this case only administrator choose the username. An they will choose something like first and last name. So is a requirement to protect this information in database.

    – bruno.almeida
    Nov 14 '18 at 17:22














  • 1





    I don't think usernames are to be encrypted by GDPR...

    – ThoriumBR
    Nov 14 '18 at 17:10











  • An username my contain personal information. It is possible to create an username with your first and last name.

    – bruno.almeida
    Nov 14 '18 at 17:12






  • 1





    @bruno.almeida True, but if you are explicit about the username being exposed, people can choose whether to provide an identifiable string, or something else - this is commonly used for display names which are distinct from usernames.

    – Matthew
    Nov 14 '18 at 17:15











  • Possible duplicate of How to handle emails as usernames under GDPR?

    – ThoriumBR
    Nov 14 '18 at 17:16











  • @Matthew, in this case only administrator choose the username. An they will choose something like first and last name. So is a requirement to protect this information in database.

    – bruno.almeida
    Nov 14 '18 at 17:22








1




1





I don't think usernames are to be encrypted by GDPR...

– ThoriumBR
Nov 14 '18 at 17:10





I don't think usernames are to be encrypted by GDPR...

– ThoriumBR
Nov 14 '18 at 17:10













An username my contain personal information. It is possible to create an username with your first and last name.

– bruno.almeida
Nov 14 '18 at 17:12





An username my contain personal information. It is possible to create an username with your first and last name.

– bruno.almeida
Nov 14 '18 at 17:12




1




1





@bruno.almeida True, but if you are explicit about the username being exposed, people can choose whether to provide an identifiable string, or something else - this is commonly used for display names which are distinct from usernames.

– Matthew
Nov 14 '18 at 17:15





@bruno.almeida True, but if you are explicit about the username being exposed, people can choose whether to provide an identifiable string, or something else - this is commonly used for display names which are distinct from usernames.

– Matthew
Nov 14 '18 at 17:15













Possible duplicate of How to handle emails as usernames under GDPR?

– ThoriumBR
Nov 14 '18 at 17:16





Possible duplicate of How to handle emails as usernames under GDPR?

– ThoriumBR
Nov 14 '18 at 17:16













@Matthew, in this case only administrator choose the username. An they will choose something like first and last name. So is a requirement to protect this information in database.

– bruno.almeida
Nov 14 '18 at 17:22





@Matthew, in this case only administrator choose the username. An they will choose something like first and last name. So is a requirement to protect this information in database.

– bruno.almeida
Nov 14 '18 at 17:22












1 Answer
1






active

oldest

votes


















2














You can handle it a lot like a password. A login name when hashed with a site-wide salt can be checked by much like a password; you just need to verify it, you don't need to query it.



This is not the best practice for password storage per say since you will often find a lot of people using the same passwords, but for usernames, a site-wide salt should not expose any extra vulnerability since they should all be unique.



If you need to display the username after logging in. To do this, you could save the username a person types into a logon form as a session variable before you hash it. This way the Session remembers you are JohnSmith101 for as long as you are logged in, but the database only ever knows your hash.






share|improve this answer



















  • 1





    ...the problem with this is that, yes, you do need to query the username, if it's being used for login. Otherwise, you have no idea which user it actually belongs to - and what other data they have access to. Which means, if the scheme is similar to passwords, hashing it for every user queried. This is a problem on even small databases, given the standard that hashes be "slow", and quite impossible on databases of any real size.

    – Clockwork-Muse
    Nov 14 '18 at 18:00











  • The problem is not for every request, but at the login. Actually, to check the password i get the user row based on username. Then i hash the password and i compare it. But now i can not directly get the user row, because the username column is encrypted/hashed. To compare, i need to hash with the salt of all users or decrypt all username_encrypted

    – bruno.almeida
    Nov 14 '18 at 18:01











  • Just invert the order. Hash the username, then do a search for that. SO you don't search for JohnSmith123, you search for 78a6dc32...

    – Nosajimiki
    Nov 14 '18 at 18:08











  • @Nosajimiki, but the hash is created with a different salt for each user. So i must try to hash with all salt, to find the right hash. If there is no other alternative, that is what i will do. But my question is to find an alternative to that.

    – bruno.almeida
    Nov 14 '18 at 18:10






  • 1





    Oh yes, you would need a standard, site-wide salt. It's really not "best practice" to do that for passwords, but the only reason unique salts are more secure than a site-wide salt is because they prevent a single test from revealing more than one cracked password. Since usernames are unique, it does not matter (for any reasons that I know of) if you salt them individually or not.

    – Nosajimiki
    Nov 14 '18 at 18:24











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53307857%2fhow-to-store-the-username-in-database-under-gdpr%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









2














You can handle it a lot like a password. A login name when hashed with a site-wide salt can be checked by much like a password; you just need to verify it, you don't need to query it.



This is not the best practice for password storage per say since you will often find a lot of people using the same passwords, but for usernames, a site-wide salt should not expose any extra vulnerability since they should all be unique.



If you need to display the username after logging in. To do this, you could save the username a person types into a logon form as a session variable before you hash it. This way the Session remembers you are JohnSmith101 for as long as you are logged in, but the database only ever knows your hash.






share|improve this answer



















  • 1





    ...the problem with this is that, yes, you do need to query the username, if it's being used for login. Otherwise, you have no idea which user it actually belongs to - and what other data they have access to. Which means, if the scheme is similar to passwords, hashing it for every user queried. This is a problem on even small databases, given the standard that hashes be "slow", and quite impossible on databases of any real size.

    – Clockwork-Muse
    Nov 14 '18 at 18:00











  • The problem is not for every request, but at the login. Actually, to check the password i get the user row based on username. Then i hash the password and i compare it. But now i can not directly get the user row, because the username column is encrypted/hashed. To compare, i need to hash with the salt of all users or decrypt all username_encrypted

    – bruno.almeida
    Nov 14 '18 at 18:01











  • Just invert the order. Hash the username, then do a search for that. SO you don't search for JohnSmith123, you search for 78a6dc32...

    – Nosajimiki
    Nov 14 '18 at 18:08











  • @Nosajimiki, but the hash is created with a different salt for each user. So i must try to hash with all salt, to find the right hash. If there is no other alternative, that is what i will do. But my question is to find an alternative to that.

    – bruno.almeida
    Nov 14 '18 at 18:10






  • 1





    Oh yes, you would need a standard, site-wide salt. It's really not "best practice" to do that for passwords, but the only reason unique salts are more secure than a site-wide salt is because they prevent a single test from revealing more than one cracked password. Since usernames are unique, it does not matter (for any reasons that I know of) if you salt them individually or not.

    – Nosajimiki
    Nov 14 '18 at 18:24
















2














You can handle it a lot like a password. A login name when hashed with a site-wide salt can be checked by much like a password; you just need to verify it, you don't need to query it.



This is not the best practice for password storage per say since you will often find a lot of people using the same passwords, but for usernames, a site-wide salt should not expose any extra vulnerability since they should all be unique.



If you need to display the username after logging in. To do this, you could save the username a person types into a logon form as a session variable before you hash it. This way the Session remembers you are JohnSmith101 for as long as you are logged in, but the database only ever knows your hash.






share|improve this answer



















  • 1





    ...the problem with this is that, yes, you do need to query the username, if it's being used for login. Otherwise, you have no idea which user it actually belongs to - and what other data they have access to. Which means, if the scheme is similar to passwords, hashing it for every user queried. This is a problem on even small databases, given the standard that hashes be "slow", and quite impossible on databases of any real size.

    – Clockwork-Muse
    Nov 14 '18 at 18:00











  • The problem is not for every request, but at the login. Actually, to check the password i get the user row based on username. Then i hash the password and i compare it. But now i can not directly get the user row, because the username column is encrypted/hashed. To compare, i need to hash with the salt of all users or decrypt all username_encrypted

    – bruno.almeida
    Nov 14 '18 at 18:01











  • Just invert the order. Hash the username, then do a search for that. SO you don't search for JohnSmith123, you search for 78a6dc32...

    – Nosajimiki
    Nov 14 '18 at 18:08











  • @Nosajimiki, but the hash is created with a different salt for each user. So i must try to hash with all salt, to find the right hash. If there is no other alternative, that is what i will do. But my question is to find an alternative to that.

    – bruno.almeida
    Nov 14 '18 at 18:10






  • 1





    Oh yes, you would need a standard, site-wide salt. It's really not "best practice" to do that for passwords, but the only reason unique salts are more secure than a site-wide salt is because they prevent a single test from revealing more than one cracked password. Since usernames are unique, it does not matter (for any reasons that I know of) if you salt them individually or not.

    – Nosajimiki
    Nov 14 '18 at 18:24














2












2








2







You can handle it a lot like a password. A login name when hashed with a site-wide salt can be checked by much like a password; you just need to verify it, you don't need to query it.



This is not the best practice for password storage per say since you will often find a lot of people using the same passwords, but for usernames, a site-wide salt should not expose any extra vulnerability since they should all be unique.



If you need to display the username after logging in. To do this, you could save the username a person types into a logon form as a session variable before you hash it. This way the Session remembers you are JohnSmith101 for as long as you are logged in, but the database only ever knows your hash.






share|improve this answer













You can handle it a lot like a password. A login name when hashed with a site-wide salt can be checked by much like a password; you just need to verify it, you don't need to query it.



This is not the best practice for password storage per say since you will often find a lot of people using the same passwords, but for usernames, a site-wide salt should not expose any extra vulnerability since they should all be unique.



If you need to display the username after logging in. To do this, you could save the username a person types into a logon form as a session variable before you hash it. This way the Session remembers you are JohnSmith101 for as long as you are logged in, but the database only ever knows your hash.







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 14 '18 at 17:54









NosajimikiNosajimiki

6901511




6901511








  • 1





    ...the problem with this is that, yes, you do need to query the username, if it's being used for login. Otherwise, you have no idea which user it actually belongs to - and what other data they have access to. Which means, if the scheme is similar to passwords, hashing it for every user queried. This is a problem on even small databases, given the standard that hashes be "slow", and quite impossible on databases of any real size.

    – Clockwork-Muse
    Nov 14 '18 at 18:00











  • The problem is not for every request, but at the login. Actually, to check the password i get the user row based on username. Then i hash the password and i compare it. But now i can not directly get the user row, because the username column is encrypted/hashed. To compare, i need to hash with the salt of all users or decrypt all username_encrypted

    – bruno.almeida
    Nov 14 '18 at 18:01











  • Just invert the order. Hash the username, then do a search for that. SO you don't search for JohnSmith123, you search for 78a6dc32...

    – Nosajimiki
    Nov 14 '18 at 18:08











  • @Nosajimiki, but the hash is created with a different salt for each user. So i must try to hash with all salt, to find the right hash. If there is no other alternative, that is what i will do. But my question is to find an alternative to that.

    – bruno.almeida
    Nov 14 '18 at 18:10






  • 1





    Oh yes, you would need a standard, site-wide salt. It's really not "best practice" to do that for passwords, but the only reason unique salts are more secure than a site-wide salt is because they prevent a single test from revealing more than one cracked password. Since usernames are unique, it does not matter (for any reasons that I know of) if you salt them individually or not.

    – Nosajimiki
    Nov 14 '18 at 18:24














  • 1





    ...the problem with this is that, yes, you do need to query the username, if it's being used for login. Otherwise, you have no idea which user it actually belongs to - and what other data they have access to. Which means, if the scheme is similar to passwords, hashing it for every user queried. This is a problem on even small databases, given the standard that hashes be "slow", and quite impossible on databases of any real size.

    – Clockwork-Muse
    Nov 14 '18 at 18:00











  • The problem is not for every request, but at the login. Actually, to check the password i get the user row based on username. Then i hash the password and i compare it. But now i can not directly get the user row, because the username column is encrypted/hashed. To compare, i need to hash with the salt of all users or decrypt all username_encrypted

    – bruno.almeida
    Nov 14 '18 at 18:01











  • Just invert the order. Hash the username, then do a search for that. SO you don't search for JohnSmith123, you search for 78a6dc32...

    – Nosajimiki
    Nov 14 '18 at 18:08











  • @Nosajimiki, but the hash is created with a different salt for each user. So i must try to hash with all salt, to find the right hash. If there is no other alternative, that is what i will do. But my question is to find an alternative to that.

    – bruno.almeida
    Nov 14 '18 at 18:10






  • 1





    Oh yes, you would need a standard, site-wide salt. It's really not "best practice" to do that for passwords, but the only reason unique salts are more secure than a site-wide salt is because they prevent a single test from revealing more than one cracked password. Since usernames are unique, it does not matter (for any reasons that I know of) if you salt them individually or not.

    – Nosajimiki
    Nov 14 '18 at 18:24








1




1





...the problem with this is that, yes, you do need to query the username, if it's being used for login. Otherwise, you have no idea which user it actually belongs to - and what other data they have access to. Which means, if the scheme is similar to passwords, hashing it for every user queried. This is a problem on even small databases, given the standard that hashes be "slow", and quite impossible on databases of any real size.

– Clockwork-Muse
Nov 14 '18 at 18:00





...the problem with this is that, yes, you do need to query the username, if it's being used for login. Otherwise, you have no idea which user it actually belongs to - and what other data they have access to. Which means, if the scheme is similar to passwords, hashing it for every user queried. This is a problem on even small databases, given the standard that hashes be "slow", and quite impossible on databases of any real size.

– Clockwork-Muse
Nov 14 '18 at 18:00













The problem is not for every request, but at the login. Actually, to check the password i get the user row based on username. Then i hash the password and i compare it. But now i can not directly get the user row, because the username column is encrypted/hashed. To compare, i need to hash with the salt of all users or decrypt all username_encrypted

– bruno.almeida
Nov 14 '18 at 18:01





The problem is not for every request, but at the login. Actually, to check the password i get the user row based on username. Then i hash the password and i compare it. But now i can not directly get the user row, because the username column is encrypted/hashed. To compare, i need to hash with the salt of all users or decrypt all username_encrypted

– bruno.almeida
Nov 14 '18 at 18:01













Just invert the order. Hash the username, then do a search for that. SO you don't search for JohnSmith123, you search for 78a6dc32...

– Nosajimiki
Nov 14 '18 at 18:08





Just invert the order. Hash the username, then do a search for that. SO you don't search for JohnSmith123, you search for 78a6dc32...

– Nosajimiki
Nov 14 '18 at 18:08













@Nosajimiki, but the hash is created with a different salt for each user. So i must try to hash with all salt, to find the right hash. If there is no other alternative, that is what i will do. But my question is to find an alternative to that.

– bruno.almeida
Nov 14 '18 at 18:10





@Nosajimiki, but the hash is created with a different salt for each user. So i must try to hash with all salt, to find the right hash. If there is no other alternative, that is what i will do. But my question is to find an alternative to that.

– bruno.almeida
Nov 14 '18 at 18:10




1




1





Oh yes, you would need a standard, site-wide salt. It's really not "best practice" to do that for passwords, but the only reason unique salts are more secure than a site-wide salt is because they prevent a single test from revealing more than one cracked password. Since usernames are unique, it does not matter (for any reasons that I know of) if you salt them individually or not.

– Nosajimiki
Nov 14 '18 at 18:24





Oh yes, you would need a standard, site-wide salt. It's really not "best practice" to do that for passwords, but the only reason unique salts are more secure than a site-wide salt is because they prevent a single test from revealing more than one cracked password. Since usernames are unique, it does not matter (for any reasons that I know of) if you salt them individually or not.

– Nosajimiki
Nov 14 '18 at 18:24




















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53307857%2fhow-to-store-the-username-in-database-under-gdpr%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Xamarin.iOS Cant Deploy on Iphone

Image
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } -1 I have a windows laptop and a mac mini my problem is that It wont deploy on iphone if I use Visual Studio Xamarin on windows to install my app, but it works fine with Visual Studio For Mac. Here's what I get after build succeded on Visual Studio Xamarin on windows : 1>------ Build started: Project: FinalCustomerApp.iOS, Configuration: Debug iPhone ------ 1> Connecting to Mac server 192.168.8.100... 1> FinalCustomerApp.iOS -> C:UsersJeremy PaulDesktopFinalCustomerAppFinalCustomerAppFinalCustomerApp.iOSbiniPhoneDebugFinalCustomerApp.iOS.exe 1> Detected signing identity: 1> Code Signing Key: &quo
Read more

Glorious Revolution

Image
"The Bloodless Revolution" redirects here. For a history of the vegetarian movement, see The Bloodless Revolution (book). This article is about the English revolution of 1688. For the revolution of 1868 in Spain, see Glorious Revolution (Spain). For other uses, see Glorious Revolution (disambiguation). Glorious Revolution The Prince of Orange lands at Torbay Date 1688–1689 Location British Isles Also known as Revolution of 1688 War of the English Succession Bloodless Revolution Participants English, Welsh and Scottish society, Dutch forces Outcome Replacement of James II by William III and Mary II Jacobite rising of 1689 Williamite War in Ireland War with France; England and Scotland join Grand Alliance Drafting of the Bill of Rights 1689 Part of a series on the History of England Timeline Prehistoric Britain Roman Britain Sub-Roman Britain Medieval period Economy in the Middle Ages Anglo-Saxon period
Read more

Dulmage-Mendelsohn matrix decomposition in Python

Image
0 Matlab has a function called dmperm that computes the so-called Dulmage–Mendelsohn decomposition of a n x n matrix. From wikipedia, the Dulmage–Mendelsohn is a partition of the vertices of a bipartite graph into subsets, with the property that two adjacent vertices belong to the same subset if and only if they are paired with each other in a perfect matching of the graph. Looking both on scipy and numpy, I could not find this function, nor some similar version. Is it possible to implement it using basic linear algebra operations? Any idea if this is implemented in some Python package? python matlab linear-algebra graph-theory matrix-decomposition share | improve this question
Read more