这里的答案是问问自己，你真正想要保护的是什么?如果有人可以访问您的数据库，那么他们就可以访问加密的盐，并且他们可能也可以访问您的代码.有了这些，他们能解密加密的盐吗?如果是这样，那么无论如何加密几乎毫无用处.盐确实是用来制作它的，因此如果它被入侵，就不可能形成一个彩虹表来一次性破解整个密码数据库.从这个角度来看，只要每个 salt 都是唯一的，没有区别，就需要对你的 salt 或每个密码的加密 salt 进行暴力攻击.

The answer here is to ask yourself what you're really trying to protect from? If someone has access to your database, then they have access to the encrypted salts, and they probably have access to your code as well. With all that could they decrypt the encrypted salts? If so then the encryption is pretty much useless anyway. The salt really is there to make it so it isn't possible to form a rainbow table to crack your entire password database in one go if it gets broken into. From that point of view, so long as each salt is unique there is no difference, a brute force attack would be required with your salts or the encrypted salts for each password individually.