📖 WIPIVERSE

🔍 Currently registered entries: 126,178건

Salt It

Salt It refers to the process of adding a unique, randomly generated string (the "salt") to a password before hashing it. This is a security measure used to protect passwords stored in databases from various attacks, particularly rainbow table attacks and dictionary attacks.

When a user creates a password, instead of directly hashing the password, a unique salt is generated for that specific password. The salt is then concatenated (joined) with the password, and the resulting combined string is hashed using a cryptographic hash function (such as SHA-256 or Argon2). Both the generated salt and the resulting hash are stored in the database.

When a user attempts to log in, the same salt that was originally generated for their password is retrieved from the database. This salt is then concatenated with the password they entered, and the combined string is hashed using the same hashing algorithm. The resulting hash is compared to the stored hash in the database. If the two hashes match, the user is authenticated.

The purpose of salting is to prevent attackers from pre-computing a massive table of hashes for common passwords (a "rainbow table"). Since each password has a unique salt, the attacker cannot use these pre-computed tables to easily determine the original password from the stored hash.

Salt values should be:

  • Unique: Each password should have its own unique salt.
  • Random: The salt should be generated using a cryptographically secure random number generator.
  • Sufficiently Long: The salt should be long enough to make rainbow table attacks computationally infeasible. A length of at least 16 bytes (128 bits) is generally recommended.
  • Stored with the Hash: The salt needs to be stored alongside the password hash so that it can be used during the authentication process.

Salting is an essential security practice for password storage. Without salting, even strong hashing algorithms can be vulnerable to attacks that exploit pre-computed hash tables. Combining salting with a strong, modern hashing algorithm like Argon2 or bcrypt provides a robust defense against password cracking.