Difference between SALT and KEY. Encryption

Question

Alright, so im trying to learn a little about Encrypting messages in my java application. I just found out that SALT and KEY aren't the same.

Can someone help me understand what the difference between the two is?

Answer 1

The key is, crudely, the equivalent of a password; you use it to encrypt a message, and then the same key gets used to decrypt it back to the original plaintext. (Well, it gets a little more complex, once you have public and private keys, and so on.)

A salt is most typically encountered with cryptographic hash functions, not encryption functions. The idea is that rather than hashing just your data (e.g. a password), you hash data+salt, where salt is typically a randomly-generated string. They have (at least) two purposes:

• To foil an attacker who has access to the hashed data from identifying a collision using a rainbow table.
• To slow down an attacker who's trying a brute-force attack.

Answer 2

The key is essentially the password with which you lock the original content.

To make the password more difficult to reverse engineer, you can add a salt to the produced encryption.

---

To give an obviously simple example, lets say you want to encrypt a character string. Your encryption routine is to reverse the word. So, for the string "Hello, World", after running encryption, your string would be "dlroW ,olleH". You could then add a salt to it. In this example, the salt will be "foo", so the result after salting would be "dlroW ,olleHfoo". Now, if someone managed to reverse engineer your encryption algorithm, they'd get "oofHello World", which is not the original message, and thus your information is still safe!

This really comes into use when you iteratively encrypt, eg,
result = salt + encrypt(salt+encrypt(salt+encrypt(message))).