Salt (cryptography)
Random data used as an additional input to a hash function / From Wikipedia, the free encyclopedia
In cryptography, a salt is random data fed as an additional input to a one-way function that hashes data, a password or passphrase.[1] Salting helps defend against attacks that use precomputed tables (e.g. rainbow tables) by vastly increasing the size of the table needed for a successful attack.[2][3][4] It also helps protect passwords that occur multiple times in a database, as a new salt is used for each password instance.[5] Additionally, salting does not place any burden on users.
Typically, a new salt is randomly generated for each password. The salt and the password (or its version after key stretching) are concatenated and fed to a cryptographic hash function, and the output hash value is then stored with the salt in a database. The salt does not need to be encrypted, because knowing the salt would not help the attacker.[5]
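The following added example (not part of the original article) walks through that procedure: generate a salt per password, hash, store salt and digest together, and verify later. It uses PBKDF2-HMAC-SHA256 as the salted, key-stretched hash, which is this example's choice; the function names, iteration count, salt length and sample users are assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

ITERATIONS = 100_000            # assumed work factor for this example
SALT_BYTES = 16                 # assumed salt length
FIXED_SALT = bytes(SALT_BYTES)  # stand-in for a scheme with no per-password salt


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn unless one is given."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored (unencrypted) salt; compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def build_demo_db() -> dict[str, tuple[bytes, bytes]]:
    """Constructed sample data: two users who chose the same password."""
    return {user: hash_password("hunter2") for user in ("alice", "bob")}


def precomputed_hits(db: dict[str, tuple[bytes, bytes]], wordlist: list[str]) -> list[str]:
    """Users whose digest appears in a table computed in advance.

    The table is built once with FIXED_SALT, because whoever precomputes it
    cannot know the random salt each record will later receive.
    """
    table = {hash_password(word, FIXED_SALT)[1] for word in wordlist}
    return [user for user, (_, digest) in db.items() if digest in table]


if __name__ == "__main__":
    db = build_demo_db()
    for user, (salt, digest) in db.items():
        print(user, salt.hex(), digest.hex())  # same password, different rows
    print("table hits, salted:", precomputed_hits(db, ["password", "hunter2"]))
    unsalted = {"carol": hash_password("hunter2", FIXED_SALT)}
    print("table hits, fixed salt:", precomputed_hits(unsalted, ["password", "hunter2"]))
```

The two salted records differ even though the passwords are identical, and the precomputed table matches only the record that was hashed without a per-password salt.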
Salting is broadly used in cybersecurity, from Unix system credentials to Internet security.
Salts are related to cryptographic nonces.