Salted Secure Hash Algorithm (SALT)

A salted secure hash algorithm helps protect password hashes against dictionary attacks by introducing additional randomness. Password hash salting means that random data (a salt) is used as an additional input to the hash function that hashes a password. The goal of salting is to defend against dictionary attacks and against attacks on hashed passwords that use a rainbow table.

To salt a password hash, a new salt is randomly generated for each password. The salt and the password are concatenated and then processed with a cryptographic hash function. The resulting output (but not the original password) is stored with the salt in a database.

Because salts do not have to be memorized by humans, they can make the size of the rainbow table required for a successful attack prohibitively large. Because a different salt is used for each password, salting also protects commonly used passwords and people who use the same password on several sites: every salted hash of the same password is different from the others.
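The steps above as an added example (not code from the original page): a per-password salt from a CSPRNG, concatenation, hashing, storage of salt plus digest, and a check that two identical passwords produce different records that a precomputed unsalted lookup table does not match. SHA-256, the 16-byte salt length, and all function names and sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SALT_BYTES = 16  # assumed salt length; the page does not specify one


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt, digest). A fresh CSPRNG salt is drawn unless one is given."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    # Salt and password are concatenated, then hashed (SHA-256 is an assumption).
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def build_unsalted_table(wordlist: list) -> dict:
    """Precomputed digest -> password lookup, standing in for a rainbow table."""
    return {hashlib.sha256(w.encode("utf-8")).digest(): w for w in wordlist}


def demo() -> dict:
    # Constructed sample data: two users who picked the same common password.
    users = {"alice": "letmein", "bob": "letmein"}
    db = {name: hash_password(pw) for name, pw in users.items()}
    table = build_unsalted_table(["123456", "password", "letmein"])
    unsalted = hashlib.sha256(b"letmein").digest()
    return {
        "salts_differ": db["alice"][0] != db["bob"][0],
        "digests_differ": db["alice"][1] != db["bob"][1],
        "unsalted_hash_in_table": unsalted in table,
        "salted_hash_in_table": any(d in table for _, d in db.values()),
        "correct_password_verifies": verify_password("letmein", *db["alice"]),
        "wrong_password_rejected": not verify_password("letmein1", *db["alice"]),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Production password storage normally replaces the single SHA-256 call with a deliberately slow function such as scrypt or PBKDF2; the salt handling stays the same.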

Frequently Asked Questions
What is CSPRNG?

A cryptographically secure pseudo-random number generator or cryptographic pseudo-random number generator is a pseudo-random number generator with properties that make it suitable for use in cryptography.

What is the difference between Hashing and Salting?

Hashing transforms data of arbitrary size into data that is of a fixed size and probabilistically unique. Salting is when a random number – a salt – is incorporated into the data that is input to the hash function.

What does hashing a password mean?

Hashing a password means taking a plaintext password and transforming it into a unique and concise string that represents the password in a way that does not reveal any information about the password itself.

What is a Nonce in cryptography?

A nonce is a random value, similar to a salt. A nonce, by definition, is used only once, whereas a salt might be used multiple times.

What is the difference between a fixed salt and a reused salt?

A fixed salt is when a programmer uses the same salt for every hashed password. Fixed salt is, therefore, a salt that is reused.