#geek #nerd #SecurityThoughts by Alice Wonder
When it comes to salts - if the same salt is to be used multiple times, the salt needs to be at least a 256-bit salt. I just use a base64 encoding of a 256-bit random number (44 characters including the = padding at end). There's nothing to be gained from special characters like }]# etc. - the entropy is what matters. Just generate a random 256-bit number and base64 (or hex) encode it.
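The generation step described above, plus a check that a configured salt really decodes to 256 bits, as an added example that is not part of the original post. The function names `new_salt`, `decode_salt` and `is_acceptable` are assumptions made for illustration.

```python
import base64
import binascii
import secrets

SALT_BYTES = 32  # 256 bits, the minimum the post gives for a reused salt


def new_salt(encoding: str = "base64") -> str:
    """Return a fresh 256-bit salt from the OS CSPRNG, text-encoded."""
    raw = secrets.token_bytes(SALT_BYTES)
    if encoding == "base64":
        # 32 bytes -> 44 characters, the last one being '=' padding
        return base64.b64encode(raw).decode("ascii")
    if encoding == "hex":
        # 32 bytes -> 64 hex digits; same entropy, different alphabet
        return raw.hex()
    raise ValueError("encoding must be 'base64' or 'hex'")


def decode_salt(text: str, encoding: str = "base64") -> bytes:
    """Recover the raw salt bytes; raise ValueError on malformed input."""
    try:
        if encoding == "base64":
            return base64.b64decode(text, validate=True)
        if encoding == "hex":
            return bytes.fromhex(text)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"salt is not valid {encoding}") from exc
    raise ValueError("encoding must be 'base64' or 'hex'")


def is_acceptable(text: str, encoding: str = "base64") -> bool:
    """True when the salt decodes to at least 256 bits of raw data.

    Decoded length is only an upper bound on entropy: it equals the
    entropy when the bytes came from a CSPRNG, as in new_salt().
    """
    try:
        return len(decode_salt(text, encoding)) >= SALT_BYTES
    except ValueError:
        return False
```

A hand-typed string full of punctuation fails `is_acceptable` because it is neither well-formed base64 nor 32 bytes long, while both encodings of the same random bytes pass.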