What is a Salt and How Does It Make Password Hashing More Secure?

Technology CommunityCategory: CryptographyWhat is a Salt and How Does It Make Password Hashing More Secure?
VietMX Staff asked 3 years ago

salt is a fixed-length cryptographically-strong random value that is added to the input of hash functions to create unique hashes for every input, regardless of the input not being unique. A salt makes a hash function look non-deterministic, which is good as we don’t want to reveal password duplications through our hashing.

The reason that salts are used is that people tend to choose the same passwords, and not at all randomly. Many used passwords out there are short real words, to make it easy to remember, but this also enables for a dictionary attack (Using a pre-arranged listing of words, such as the entries from the English dictionary, with their computed hash, the attacker easily compares the hashes from a stolen passwords table with every hash on the list. If a match is found, the password then can be deduced).

Salting is pointless if you don’t have a separate salt for each user. The point of salts is to make breaking the hashes a separate task for each user password; if the salt is the same for all of them then that’s not the case.