Cryptography - Salt (init vector)

About

A salt is a text added to the password to make difficult an attack.

See also: Crypto - initialization vector (IV) or starting variable (SV)

The salt value is public (not secret) and should be generated at random for each new encryption stored with the password hash.

This means that two users with the same password will have different password hashes (assuming different salts are used).

Salts are closely related to the concept of nonce.

Both the salt value and the hashed password value are stored.

Characteristics

Random

A salt must not be:

  • the same for each user
  • hard coded (ie must be stored along the password and not in the code)

If the salt is:

  • unique, every user who inputs the same password will have the same hash.
  • unique and hard coded into the code, it can be extracted and a new rainbow table can be generated using that salt.

Large

A large salt value prevents precomputation attacks, including rainbow tables, by ensuring that each user's password is hashed uniquely.

The SHA2-crypt and bcrypt methods—used in Linux, BSD Unixes, and Solaris—have salts of 128 bits

Example

saltedhash(password) = hash(password || salt)

Or

saltedhash(password) = hash(hash(password) || salt)

Documentation / Reference





Discover More
Crypto - initialization vector (IV) or starting variable (SV)

Most block cipher modes require a unique binary sequence, often called an initialization vector (IV), for each encryption operation. same as salt ? An initialization vector (IV) is a data block that...
Data System Architecture
How to protect numerical Id ? (obfuscate, id encryption)

This page is how to obfuscate / protect a internal id. So that even if they are public, they cannot be guessed. This is mostly used to prevent guessing your data. For instance, you can estimate...
Java Conceptuel Diagram
Java - Crypto

in Java This problem may be caused by a bad key but this is also the case when you are not using the same salt. Solution: Save the salt along with the password
Rainbow Table (Password cracking)

A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Rainbow tables are one tool that has been developed to derive a password by looking...
Data System Architecture
Relational Table - Sequence

A sequence is a auxiliary relational data structure that maintains a sequence. Relational sequences are generally used to create a generated primary key via an incremental number. They may also be...
Data System Architecture
What is a Surrogate Primary key? known also as Substitute, Synthetic or Generated Key - Logical Data Modeling -

A surrogate key is a substitute primary key for when: the data entity are created in distributed way you don't have access to a central entity such as database to create a simple sequence you don't...



Share this page:
Follow us:
Task Runner