Salting
Security+ 🏆 • Cryptography 🔒
Definition
Salting is the practice of adding a unique, random value to data before hashing it, most commonly when storing passwords. A salt makes identical inputs produce different hashes, which helps prevent rainbow table attacks and reduces the damage of password hash leaks.
Examples
- Two users choose the same password, but because each password is salted, their stored password hashes are different.
- A breached database contains salted password hashes, making precomputed rainbow tables ineffective.
Discover 🔎
When a database of password hashes is stolen, attackers often try to crack those hashes offline. If the system uses unsalted hashes, attackers can use precomputed lists to crack huge numbers of passwords quickly, especially common ones. Salting is a simple idea that blocks that shortcut. It makes every stored hash unique, even when users pick the same password.
Remember: A salt is not a secret key. Its purpose is uniqueness, not secrecy.