Is there a significance to the word "salt" for a password salt?
The "salt" is used to make two otherwise equal passwords encrypt differently. This way, an intruder can't efficiently use a dictionary attack against a whole list of encrypted passwords. The (shared) "secret" is added before hashing a message, so that an intruder can't create his own messages and have them accepted.
Salting is simply the addition of a unique, random string of characters known only to the site to each password before it is hashed; typically this “salt” is placed in front of each password. The salt value needs to be stored by the site, which means sometimes sites use the same salt for every password.
It is standard practice not to keep the salt secret but to save it with the password hashed verifier. If the salt is not secret, a brute-force search is possible if the password is weak, such as being on a list of frequent passwords. One example source of such frequent passwords is SecLists.
A salt is a piece of random data added to a password before it is hashed and stored. Adding a salt to stored passwords is a security process used alongside the hashing of passwords before they are stored.
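The storage scheme described in the answers above, as an added example that is not part of the original answers: it stores the salt beside the verifier and compares a single shared salt with a per-password random salt. PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample accounts are assumptions chosen for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this example


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Return what the site stores: the salt (not secret) and the verifier."""
    if salt is None:
        salt = os.urandom(16)  # unique random salt for this password
    verifier = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "verifier": verifier}


def check_password(password: str, record: dict) -> bool:
    """Recompute the verifier with the stored salt; compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(candidate, record["verifier"])


def duplicate_groups(records: dict) -> list:
    """Group account names whose stored verifiers are byte-for-byte identical."""
    by_verifier = {}
    for name, rec in records.items():
        by_verifier.setdefault(rec["verifier"], []).append(name)
    return sorted(sorted(g) for g in by_verifier.values() if len(g) > 1)


# Constructed sample accounts: alice and bob chose the same password.
SAMPLE = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}


def store_all(shared_salt: Optional[bytes] = None) -> dict:
    """Build the stored table, with one shared salt or a fresh salt per entry."""
    return {name: make_record(pw, shared_salt) for name, pw in SAMPLE.items()}


if __name__ == "__main__":
    shared = store_all(shared_salt=b"same-salt-for-all")
    unique = store_all()
    print("shared salt, equal verifiers:", duplicate_groups(shared))
    print("per-password salt, equal verifiers:", duplicate_groups(unique))
    print("login check:", check_password("correct horse", unique["alice"]))
```

With the shared salt, the stored table itself reveals that alice and bob have the same password; with per-password salts no two verifiers match, while verification still works because the salt is stored in the record.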
Maybe because salt goes well with hash?
http://www.derkeiler.com/Newsgroups/comp.security.misc/2003-05/0154.html
The use of the word "salt" is probably a reference to warfare in ancient times, when people would salt the wells or farmland to make it less hospitable. The Romans are sometimes supposed to have done this to Carthage in 146 BC. In the context of passwords, a "salted" password is harder to crack.
Apparently, there's no strong evidence even for the original "salting" of Carthage (http://en.wikipedia.org/wiki/Salting_the_earth) claim, but an interesting hypothesis nonetheless.