Salt (cryptography)
==Common mistakes==

===Salt re-use===
Using the same salt for all passwords is dangerous because a precomputed table that simply accounts for the salt renders the salt useless.

Generating precomputed tables for a database with a unique salt for every password is not viable because of the computational cost. But if a common salt is used for all the entries, creating such a table (one that accounts for the salt) becomes a viable and possibly successful attack.<ref>{{Cite web|title=Secure Salted Password Hashing - How to do it Properly|url=https://crackstation.net/hashing-security.htm|access-date=2021-03-19|website=crackstation.net}}</ref>

Because salt re-use can cause users with the same password to have the same hash, cracking a single hash can result in other passwords being compromised too.

===Salt length===
If a salt is too short, an attacker may precompute a table of every possible salt appended to every likely password. Using a long salt ensures such a table would be prohibitively large.<ref>{{Cite book |last1=Menezes |first1=Alfred J. |title=Handbook of Applied Cryptography |last2=Oorschot |first2=Paul C. van |last3=Vanstone |first3=Scott A. |publisher=CRC Press |year=1997 |isbn=0-8493-8523-7 |pages=288}}</ref><ref name="superidolsalts .net">{{cite web|url=https://crackstation.net/hashing-security.htm#salt|title=Secure Salted Password Hashing - How to do it Properly}}</ref> 16 bytes (128 bits) or more is generally sufficient to provide a large enough space of possible values, minimizing the risk of collisions (i.e., two different passwords ending up with the same salt).
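The following is an added example, not part of the original article: a small audit over a credential table that flags both mistakes described above (re-used salts and salts shorter than 16 bytes) and shows that identical passwords only produce identical hashes when the salt is shared. The use of PBKDF2-HMAC-SHA256, the iteration count, and the sample users and passwords are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

SALT_BYTES = 16        # 128 bits, the length the section calls generally sufficient
ITERATIONS = 100_000   # assumed work factor for this example


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is drawn unless one is passed in."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def audit(records):
    """records maps user -> (salt, digest). Report users affected by each mistake."""
    salt_counts = Counter(salt for salt, _ in records.values())
    digest_counts = Counter(digest for _, digest in records.values())
    return {
        "short_salts": sorted(u for u, (s, _) in records.items() if len(s) < SALT_BYTES),
        "reused_salts": sorted(u for u, (s, _) in records.items() if salt_counts[s] > 1),
        "identical_hashes": sorted(u for u, (_, d) in records.items() if digest_counts[d] > 1),
    }


def build_tables():
    """Constructed sample data: two users share a password."""
    passwords = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}
    shared = b"site"  # one short salt for every row: both mistakes at once
    weak = {user: hash_password(pw, shared) for user, pw in passwords.items()}
    strong = {user: hash_password(pw) for user, pw in passwords.items()}  # unique 16-byte salts
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    print("shared short salt:", audit(weak))
    print("unique long salts:", audit(strong))
```

With the shared salt, alice and bob end up with the same stored hash; with per-user random salts the same two passwords produce unrelated hashes and the audit reports nothing.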