salts(cryptography)

Table of Contents

1. Overview

Salts are random strings of data added to passwords before hashing to prevent pre-computed tables (rainbow tables) from cracking them.

How they work:

  1. User creates password.
  2. System generates unique salt.
  3. Salt is combined with password (e.g., appended).
  4. Combined value is hashed (e.g., using bcrypt or Argon2).
  5. Salt and hash are stored.

Caveats:

  • Salts must be unique per user/password.
  • Salt length should be cryptographically secure (e.g., 16 bytes).
  • Salts don't protect against weak passwords or brute-force attacks on individual accounts.

Example:

  • Without salt: password might always hash to 5f4dcc3b....
  • With salt: salt1password hashes to a1b2c3d4... while salt2password hashes to e5f6g7h8..., making rainbow tables ineffective.
Tags::sec:cs: