Table of Contents

About

A salt is a text added to the password to make difficult an attack.

See also: Crypto - initialization vector (IV) or starting variable (SV)

The salt value is public (not secret) and should be generated at random for each new encryption stored with the password hash.

This means that two users with the same password will have different password hashes (assuming different salts are used).

Salts are closely related to the concept of nonce.

Both the salt value and the hashed password value are stored.

Characteristics

Random

A salt must not be:

  • the same for each user
  • hard coded (ie must be stored along the password and not in the code)

If the salt is:

  • unique, every user who inputs the same password will have the same hash.
  • unique and hard coded into the code, it can be extracted and a new rainbow table can be generated using that salt.

Large

A large salt value prevents precomputation attacks, including rainbow tables, by ensuring that each user's password is hashed uniquely.

The SHA2-crypt and bcrypt methods—used in Linux, BSD Unixes, and Solaris—have salts of 128 bits

Example

saltedhash(password) = hash(password || salt)

Or 

saltedhash(password) = hash(hash(password) || salt)

Documentation / Reference