Summary
In cryptography, a salt is random data fed as an additional input to a one-way function that hashes data, a password or passphrase. Salting helps defend against attacks that use precomputed tables (e.g. rainbow tables), by vastly growing the size of table needed for a successful attack. It also helps protect passwords that occur multiple times in a database, as a new salt is used for each password instance. Additionally, salting does not place any burden on users.

The way salting is typically done is that a new salt is randomly generated for each password. The salt and the password (or its version after key stretching) are concatenated and fed to a cryptographic hash function, and the output hash value is then stored with the salt in a database. The salt need not be encrypted, because knowing the salt would not help the attacker.

Salting is broadly used in cybersecurity, from Unix system credentials to Internet security. Salts are related to cryptographic nonces.

Suppose we have the following data: For each password instance, we randomly generate a salt and append it to the password. Then, we hash the result. We store the salt and the hash value, but not the plaintext password, in a database. As shown above, different salts create very different hash values, even when the plaintext passwords are exactly the same! Without a salt, identical passwords map to identical hash values, making it easier for hackers to guess the passwords from the hash value:

Using the same salt for all passwords is dangerous because a precomputed table which simply accounts for the salt will render the salt useless. Generation of precomputed tables for databases with unique salts for every password is not viable because of the computational cost of doing so. But, if a common salt is used for all the entries, creating such a table (that accounts for the salt) then becomes a viable and possibly successful attack.

Because salt re-use can cause users with the same password to have the same hash, cracking a single hash can result in other passwords being compromised too.
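The scheme described above, as an added example that is not part of the original page: it stores a salt and hash per password and then audits three constructed credential tables (no salt, one common salt, a unique salt per password) for users whose stored hashes coincide. SHA-256, the 16-byte salt length, the user names and the passwords are all assumptions made for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from collections import defaultdict

SALT_BYTES = 16  # assumed salt length; the page does not specify one


def hash_password(password: str, salt: bytes) -> bytes:
    """Append the salt to the password and hash the result.

    SHA-256 is an assumption; the page names no specific hash function.
    """
    return hashlib.sha256(password.encode("utf-8") + salt).digest()


def make_record(user: str, password: str, salt: bytes | None = None) -> dict:
    """Build the stored row: salt and hash value, never the plaintext."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    return {"user": user, "salt": salt, "hash": hash_password(password, salt)}


def verify(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(record["hash"], hash_password(candidate, record["salt"]))


def shared_hashes(records: list[dict]) -> list[list[str]]:
    """Return groups of users whose stored hash values are identical."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["hash"]].append(rec["user"])
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample data: two of the three users chose the same password.
USERS = [("user1", "password123"), ("user2", "password123"), ("user3", "correct horse")]


def build(mode: str) -> list[dict]:
    """mode: 'none' (empty salt), 'common' (one salt for all), 'unique' (per password)."""
    fixed = {"none": b"", "common": secrets.token_bytes(SALT_BYTES), "unique": None}[mode]
    return [make_record(user, password, fixed) for user, password in USERS]


if __name__ == "__main__":
    for mode in ("none", "common", "unique"):
        print(mode, shared_hashes(build(mode)))
```

Only the `unique` table reports no shared hashes; with no salt or a common salt, `user1` and `user2` are visibly linked, so recovering one password exposes the other.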