In cryptography, a salt consists of random bits, creating one of the inputs to a one-way function. The other input is usually a password or passphrase. The output of the one-way function can be stored (alongside the salt) rather than the password, and still be used for authenticating users. The one-way function typically uses a cryptographic hash function. A salt can also be combined with a password by a key derivation function such as PBKDF2 to generate a key for use with a cipher or other cryptographic algorithm.
In a typical usage for password authentication, the salt is stored along with the output of the one-way function, sometimes along with the number of iterations to be used in generating the output (for key stretching).
Early Unix systems used a 12-bit salt, but modern implementations use larger lengths from 48 to 128 bits.
Salt is closely related to the concept of nonce.
The benefit provided by using a salted password is making a lookup table assisted dictionary attack against the stored values impractical, provided the salt is large enough. That is, an attacker would not be able to create a precomputed lookup table (i.e. a rainbow table) of hashed values (password + salt), because it would require a large computation for each salt. A simple dictionary attack is still very possible, although much slower since it cannot be precomputed.
Other articles related to "salt, salts":
... algorithm, including the generation of unique "salt values, is adequate ... Saltsalso help protect against rainbow tables as they, in effect, extend the length and potentially the complexity of the password ... an 8-byte password, and 2-byte salt is effectively a 10-byte password) and complexity (non-alphanumeric saltincreases the complexity of strictly ...
Famous quotes containing the word salt:
“Come, dear children, let us away;
Down and away below!
Now my brothers call from the bay,
Now the great winds shoreward blow,
Now the salt tides seaward flow;
Now the wild white horses play,
Champ and chafe and toss in the spray.”
—Matthew Arnold (18221888)