Salt

A salt, in the context of cryptography and password security, is a random value that is generated and combined with a user's password before it is hashed. The resulting combination of the salt and password is then hashed together. Salting is a crucial technique to enhance the security of stored passwords.

A salt is typically a random or pseudo-random value of a fixed length. It should be generated anew for each user and for each password. This randomness makes it unique for each user and each password instance.

When a user creates or changes their password, the system generates a salt and combines it with the user's password. This combined value (salt + password) is then hashed.

One of the primary reasons for using a salt is to defend against precomputed tables of password hashes, known as "rainbow tables." Rainbow tables contain a list of common passwords and their corresponding hash values. Without a salt, an attacker could easily look up the hash value in a rainbow table and identify the corresponding plain text password. By using salts, each password hash becomes unique, making it impractical to precompute tables for every possible salt.

Salting significantly enhances security because it ensures that even if two users have the same password, their hashed values will be different due to the unique salts applied to their passwords.

Salting also thwarts dictionary attacks, where attackers try a list of common passwords and hash them to compare against stored hashes. Without salts, attackers could quickly identify matching passwords from the hashes. The salt is stored alongside the hashed password in the database. When a user attempts to log in, the system retrieves the salt associated with their account, combines it with the entered password, hashes the result, and compares it to the stored hash.

The length of the salt can vary, but it is typically between 8 and 32 bytes. Longer salts provide added security.