Basically, you have to store h(password+salt) and salt in the database. If some user tries to log in, you'll get his plain-text password. Then you get the salt of the user from your database, generate the hash of the password+salt, and if it's the same as the stored hash, the authentication was successful.
This is more secure than a basic hashed password, because it makes mass-bruteforcing from the hash a bit harder, because the attacker has to guess both the salt and the actual password. However, this does not make bruteforcing a single password harder, if the salts are public (or known to the attacker). It also makes rainbow tables useless, which are massive lists of pregenerated hashes for common passwords.
To get a deeper explanation, look here or here
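The store-and-verify flow described above, as an added example that is not part of the original answer. It assumes an in-memory dict stands in for the database and substitutes PBKDF2-HMAC-SHA256 for a single pass of h; the names `register`, `login`, `ITERATIONS` and the sample users are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; raise it as far as your hardware allows


def h(password: str, salt: bytes) -> bytes:
    """h(password+salt), computed here with PBKDF2-HMAC-SHA256 (a substitution
    for a plain hash, so that each individual guess is also expensive)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Fixed dummy record so that a login for an unknown user costs the same work.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = h("dummy-password", _DUMMY_SALT)


def register(db: dict, user: str, password: str) -> None:
    """Store the per-user random salt and h(password+salt), never the password."""
    salt = os.urandom(16)  # fresh salt per user, from the OS CSPRNG
    db[user] = {"salt": salt, "hash": h(password, salt)}


def login(db: dict, user: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    record = db.get(user)
    salt = record["salt"] if record else _DUMMY_SALT
    stored = record["hash"] if record else _DUMMY_HASH
    candidate = h(password, salt)
    return hmac.compare_digest(candidate, stored) and record is not None


if __name__ == "__main__":
    db = {}  # constructed sample data
    register(db, "alice", "correct horse")
    register(db, "bob", "correct horse")
    # Same password, different salts: the stored hashes do not match, so one
    # precomputed table cannot cover both users.
    print(db["alice"]["hash"] != db["bob"]["hash"])
    print(login(db, "alice", "correct horse"), login(db, "alice", "wrong"))
```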