I believe the salt should be different per record (and stored on the record).
The reason for this is that if two records have the same password and use the same salt, then the encrypted value will be the same.
An attacker could check for records that are using the same password and perform a dictionary attack, as it is likely they are using an insecure password.
For this reason, it would be good to allow the salt to be different per record.
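
The following is an added example, not part of the original post and not the project's own code. It shows that a shared salt makes equal passwords visible as equal stored values, while a per-record salt stored on the record does not. It assumes PBKDF2-HMAC-SHA256 as a stand-in for the project's transform; the record layout, function names and sample users are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 50_000  # assumed work factor, chosen only for this illustration

# Constructed sample data: alice and carol happen to pick the same password.
SAMPLE_USERS = {"alice": "hunter2", "bob": "correct horse", "carol": "hunter2"}


def derive(password: str, salt: bytes) -> bytes:
    """Stand-in for the project's password transform (assumption: PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def store(users: dict, per_record_salt: bool,
          shared_salt: bytes = b"constructed-global-salt") -> list:
    """Build records; the salt is kept on each record so it can be verified."""
    records = []
    for name, password in users.items():
        salt = os.urandom(16) if per_record_salt else shared_salt
        records.append({"user": name, "salt": salt,
                        "value": derive(password, salt)})
    return records


def reused_value_groups(records: list) -> list:
    """Audit check: groups of users whose stored values are byte-identical."""
    by_value = defaultdict(list)
    for rec in records:
        by_value[rec["value"]].append(rec["user"])
    return sorted(sorted(group) for group in by_value.values() if len(group) > 1)


def verify(record: dict, candidate: str) -> bool:
    """Check a login attempt using the salt stored on the record."""
    return hmac.compare_digest(derive(candidate, record["salt"]), record["value"])


if __name__ == "__main__":
    print("shared salt    :", reused_value_groups(store(SAMPLE_USERS, False)))
    print("per-record salt:", reused_value_groups(store(SAMPLE_USERS, True)))
```

Running `reused_value_groups` over an existing table is also a quick way to confirm whether a deployment is affected by salt reuse.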