Salts (cryptography)
1. Overview
Salts are random strings of data added to passwords before hashing to prevent pre-computed tables (rainbow tables) from cracking them.
How they work:
- User creates password.
- System generates unique salt.
- Salt is combined with password (e.g., appended).
- Combined value is hashed (e.g., using bcrypt or Argon2).
- Salt and hash are stored.
Caveats:
- Salts must be unique per user/password.
- Salts must come from a cryptographically secure random number generator and be long enough to never repeat in practice (e.g., 16 bytes).
- Salts don't protect against weak passwords or brute-force attacks on individual accounts.
Example:
- Without salt: "password" might always hash to 5f4dcc3b..., so one pre-computed table cracks it everywhere.
- With salt: "salt1password" hashes to a1b2c3d4... while "salt2password" hashes to e5f6g7h8..., making rainbow tables ineffective.
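The five-step procedure above and the salted/unsalted contrast in the example, as an added Python example that is not from the original page: it uses PBKDF2-HMAC-SHA256 from the standard library in place of the bcrypt/Argon2 the page names (an assumed substitution so it runs offline), the 16-byte salt length from the caveats, an assumed iteration count, and MD5 for the unsalted case, whose digest for "password" is the 5f4dcc3b... value quoted above.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example. The page recommends bcrypt or Argon2;
# PBKDF2-HMAC-SHA256 is used here only because it ships with the standard library.
SALT_LEN = 16          # 16 random bytes per user, as the caveats recommend
ITERATIONS = 600_000   # PBKDF2 work factor (assumed value)


def new_salt() -> bytes:
    """Step 2: generate a unique salt from the OS CSPRNG, never from a fixed value."""
    return os.urandom(SALT_LEN)


def hash_password(password: str, salt: bytes) -> bytes:
    """Steps 3-4: combine salt and password and run the slow hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def store_record(password: str) -> str:
    """Step 5: the stored record carries the salt in the clear next to the hash."""
    salt = new_salt()
    digest = hash_password(password, salt)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Login check: re-derive with the stored salt and compare in constant time."""
    _, iters, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def unsalted_hash(password: str) -> str:
    """The weak case from the page's example: a bare MD5 of the password,
    identical for every user who picks the same password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Two users with the same password get two different records.
    print(store_record("password"))
    print(store_record("password"))
    print(unsalted_hash("password"))  # 5f4dcc3b... every time
```

Because the salt is stored alongside the hash, the record format must be parsed on login; the salt is not a secret, only the guarantee that each user's hash is computed differently.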