Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [salt]

Salt is unique (usually random) data passed into a hash function for password storage to avoid the possible usage of rainbow tables or similar attacks. Salt will not help against dictionary or brute force attacks, as the salt is usually stored together with the hash.

For symmetrical encryption, an is a similar concept.

232 questions
150
votes
5 answers

What is a cryptographic "salt"?

I'm a beginner to cryptography and looking to understand in very simple terms what a cryptographic "salt" is, when I might need to use it, and why I should or should not use it. Can I get a very simple and clear (beginner level) explanation? If you…
Bhavik Ambani
  • 1,631
  • 2
  • 15
  • 12
25
votes
2 answers

Definition of "pepper" in hash functions

I am confused about the notion of "pepper" in the context of storing hashes of users' passwords. Definition 1: A pepper is a secret key Looking around the Internet, for example here or here, a pepper is frequently defined to be a fixed and randomly…
Malte Skoruppa
  • 545
  • 9
  • 13
25
votes
3 answers

Should you change salt when changing password?

Assume a password storage scheme using a computationally-expensive hash algorithm and a CSPRNG salt. User ID, salt, and hash value are stored in a table; if the table is compromised, all three values are available to an adversary. Is there any…
Bob Brown
  • 353
  • 3
  • 12
24
votes
6 answers

PBKDF2 and salt

I want to ask some questions about the PBKDF2 function and generally about the password-based derivation functions. Actually we use the derivation function together with the salt to provide resistance against the dictionary attacks, right? One…
thrylos_7
  • 341
  • 1
  • 2
  • 3
24
votes
4 answers

Necessity of Randomness of Salts?

Given the desire to have unique salts for each user of your system, is it actually necessary to create a cryptographically-random salt for each user? If your system already has some other unique user identifier (be it an ID, user-name, or an Email…
GWLlosa
  • 659
  • 1
  • 6
  • 8
22
votes
5 answers

How come hash salt doesn't make a hash ineffective?

I am not a cryptography expert. I watched this video regarding hashing and salting as part of the course User Authentication With Express and Mongo in teamtreehouse.com. I understand from the video that a hash is a representation of a password…
user41937
20
votes
4 answers

Is there a standard for OpenSSL-interoperable AES encryption?

Many AES-encrypted things (files, strings, database entries, etc.) start with "Salted__" ("U2FsdGVkX1" in base64). I hear it's some sort of OpenSSL interoperability thing: a b c. Is there some standard reference somewhere (perhaps an RFC?) that…
David Cary
  • 5,744
  • 4
  • 22
  • 35
18
votes
3 answers

How can a random salt for a hash function work in practice?

I understand the theory behind the use salts in hash functions, but when I see it implemented, the implementations always generate the salt on the fly and the salt appears to be different for every hash. When implementing a salt for users signing…
Corey Ogburn
  • 851
  • 7
  • 18
16
votes
2 answers

Can a salt for a password hash be public?

From my understanding, salts in password hashes are used to prevent the precomputation of plaintext→hash values (rainbow tables). I know from different threads that it is unnecessary to keep the salt secret (i.e., it doesn't need to be encrypted),…
Chris
  • 335
  • 3
  • 7
14
votes
2 answers

Do I have to have a different salt for each password?

Should I use a different salt for each password? In my system, there are no user names, only passwords. When a user logins in, he types in one or more passwords and the server compares the results of the password(s) hashed many times (PBKDF2) for…
Eyal
  • 405
  • 1
  • 4
  • 13
14
votes
2 answers

Use of salt to hash a password

In a few implementations of hashed passwords, I have seen that the length of the random salt is chosen to be, say, 10 or "some constant". Is there any specific reason why the salt is chosen to have a fixed length? Can a smart attacker take advantage…
hrishikeshp19
  • 319
  • 2
  • 10
13
votes
3 answers

Salting when encrypting?

I was attending a database encryption session at a developers conference. The presenter (who was a published author on the subject) said that MS SQL Server did not support salted hashes in the database, but it does support salting with encryption.…
Jim McKeeth
  • 931
  • 1
  • 8
  • 16
13
votes
2 answers

If attacker knows salt and hash, how is salt effective?

Maybe I'm missing something, but if my salt and hashed/salted password are stored in the same place, how is salting any more secure than just hashing? Does this just rely on attackers not knowing how the salt is incorporated into the hash?
Clint Powell
  • 233
  • 2
  • 5
12
votes
2 answers

Why do some key derivation functions (like PBKDF2) use a salt?

Let me start by explaining my understanding of the various concepts involved in this question: Salt: Random bytes of data used as secondary input for a password hashing function, like so: hashfunc(, ) -> And both the
Aran-Fey
  • 222
  • 2
  • 8
12
votes
1 answer

Why x00 is usually avoided in salt?

In .NET Framework, there is a cryptographic Random Number Generator (RNG) provider which enables to generate a cryptographically strong sequence of random bytes. This provider contain, among others, two methods: GetBytes which generates a sequence…
Arseni Mourzenko
  • 223
  • 1
  • 6
1
2 3
15 16