This does not make sense: if the pepper or the database is compromised, the better choice is to expire all passwords, and not just rotate the pepper. Since if information is leaked that may lead to reconstructing a password, it does not matter with which pepper the passwords are stored.
This does not make sense: if the pepper or the database is compromised, the better choice is to expire all passwords, and not just rotate the pepper. Since if information is leaked that may lead to reconstructing a password, it does not matter with which pepper the passwords are stored.