 | This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages)
|
&sq=Google&lang=en&file=File:Question_book-new.svg){kind=small}
In cryptography, a salt is random data fed as an additional input to a one-way function that hashes data, a password or passphrase.[1] Salting helps defend against attacks that use precomputed tables (e.g. rainbow tables), by vastly growing the size of table needed for a successful attack.[2][3][4] It also helps protect passwords that occur multiple times in a database, as a new salt is used for each password instance.[5] Additionally, salting does not place any burden on users.
Typically, a unique salt is randomly generated for each password. The salt and the password (or its version after key stretching) are concatenated and fed to a cryptographic hash function, and the output hash value is then stored with the salt in a database. The salt does not need to be encrypted, because knowing the salt would not help the attacker.[5]
Salting is broadly used in cybersecurity, from Unix system credentials to Internet security.
Salts are related to cryptographic nonces.
- ^ Fenton, James L.; Grassi, Paul A.; Garcia, Michael E. (June 2017). "NIST Special Publication 800-63-3" (PDF). NIST Technical Series Publications.
- ^ Anderson, Ross (2020). Security engineering: a guide to building dependable distributed systems (Third ed.). Indianapolis, Indiana. ISBN 978-1-119-64281-7. OCLC 1224516855.
{{cite book}}: CS1 maint: location missing publisher (link) - ^ Godwin, Anthony (10 September 2021). "Passwords Matter". The Bug Charmer (Blog). Retrieved 2016-12-09.
- ^ Boneh, Dan; Shoup, Victor (January 4, 2020). A Graduate Course in Applied Cryptography (PDF). pp. 693–695.
- ^ a b Rosulek, Mike (January 3, 2021). "Chapter 11: Hash Functions" (PDF). The Joy of Cryptography. pp. 204–205.