Editing Salt (cryptography) (section)
== Example ==
Without a salt, identical passwords map to identical hash values, which could make it easier for an attacker to guess the passwords from their hash values.

{| class="wikitable"
! Username
! String to be hashed
! Hashed value = [[SHA256]]
|-
|<code>user1</code>
|<code>'''password123'''</code>
|<code>EF92B778BAFE771E89245B89ECBC08A44A4E166C06659911881F383D4473E94F</code>
|-
|<code>user2</code>
|<code>'''password123'''</code>
|<code>EF92B778BAFE771E89245B89ECBC08A44A4E166C06659911881F383D4473E94F</code>
|}

Instead, a salt is generated and appended to each password, so that the same original password produces a different hash value for each user.

{| class="wikitable"
! Username
! Salt value
! String to be hashed
! Hashed value = [[SHA256]] (Password + Salt value)
|-
|<code>user1</code>
|<code>D;%yL9TS:5PalS/d</code>
|<code>'''password123'''D;%yL9TS:5PalS/d</code>
|<code>9C9B913EB1B6254F4737CE947EFD16F16E916F9D6EE5C1102A2002E48D4C88BD</code>
|-
|<code>user2</code>
|<code>)<,-<U(jLezy4j>*</code>
|<code>'''password123''')<,-<U(jLezy4j>*</code>
|<code>6058B4EB46BD6487298B59440EC8E70EAE482239FF2B4E7CA69950DFBD5532F2</code>
|}

The salt and hash are then stored in the database. To later test whether a password a user enters is correct, the same process is performed on it (appending that user's salt to the password and calculating the resultant hash): if the result does not match the stored hash, it could not have been the correct password that was entered.

In practice, a salt is usually generated using a [[Cryptographically_secure_pseudorandom_number_generator|cryptographically secure pseudorandom number generator]] (CSPRNG). CSPRNGs are designed to produce unpredictable random numbers, which can be alphanumeric. While generally discouraged due to lower security, some systems use timestamps or simple counters as a source of salt.
Sometimes, a salt may be generated by combining a random value with additional information, such as a timestamp or user-specific data, to ensure uniqueness across different systems or time periods.
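
The store-and-verify process described above, as an added Python example (not part of the original article): it follows the tables' SHA256(password + salt) construction, and the 16-byte hex salt, the dictionary used as a database and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16  # assumed salt length; the article does not specify one


def unsalted_hash(password: str) -> str:
    """SHA-256 of the bare password, as in the first table."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest().upper()


def new_salt() -> str:
    """Per-user salt drawn from the OS CSPRNG, hex-encoded for storage."""
    return secrets.token_hex(SALT_BYTES)


def salted_hash(password: str, salt: str) -> str:
    """SHA-256(password + salt): the salt is appended, as in the second table.
    Shown to match the article; real password storage uses a slow KDF instead."""
    return hashlib.sha256((password + salt).encode("utf-8")).hexdigest().upper()


def register(db: dict, username: str, password: str) -> None:
    """Store the salt next to the hash; the salt is not secret."""
    salt = new_salt()
    db[username] = {"salt": salt, "hash": salted_hash(password, salt)}


def verify(db: dict, username: str, candidate: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    record = db.get(username)
    if record is None:
        return False
    recomputed = salted_hash(candidate, record["salt"])
    return hmac.compare_digest(recomputed, record["hash"])


def demo() -> dict:
    """Constructed sample data: two users choosing the same password."""
    db = {}
    register(db, "user1", "password123")
    register(db, "user2", "password123")
    return db


if __name__ == "__main__":
    db = demo()
    print("unsalted:", unsalted_hash("password123"))
    for name, rec in db.items():
        print(name, rec["salt"], rec["hash"])
    print(verify(db, "user1", "password123"), verify(db, "user1", "password124"))
```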