Questions tagged [salt]

Salt is unique (usually random) data passed into a hash function for password storage to avoid the possible usage of rainbow tables or similar attacks. Salt will not help against dictionary or brute force attacks, as the salt is usually stored together with the hash.

For symmetrical encryption, an is a similar concept.

224 questions
22 votes, 5 answers

How come hash salt doesn't make a hash ineffective?

I am not a cryptography expert. I watched this video regarding hashing and salting as part of the course User Authentication With Express and Mongo in teamtreehouse.com. I understand from the video that a hash is a representation of a password…
user41937
5 votes, 1 answer

Why not encrypt salt?

Assuming I had to distribute salt+ciphertext together over an insecure channel, isn't it better to store the salt encrypted? By encrypted I mean with a block cipher and with key and IV derived from the same passphrase used to encrypt the original…
5 votes, 3 answers

How much bigger does a precomputed lookup table get when salt is added?

I am trying to wrap my head around the benefits of salt in cryptography. http://en.wikipedia.org/wiki/Salt_(cryptography) I understand that adding salt makes it harder to precompute a table. But exactly how much harder do things get with salt? It…
bernie2436
2 votes, 2 answers

Usage of "Salt"

Can somebody explain how Salts should be stored in the database? How is the process of using Salt? I've read in a book that the Salt should be stored next to the hash table database. But what happens if the attacker steals both hash table and Salt…
Samuel Paz
2 votes, 1 answer

Do we also have to transmit the salt with the ciphertext, in addition to the IV for authenticated point to point messaging?

Imagine a scenario whereby Alice and Bob have a symmetrical messaging system for talking with each other. It's effectively two polystyrene cups joined by a piece of string. Crucially, there is no central server, and nobody logs into nothing. They do…
Paul Uszak
1 vote, 1 answer

How are salt values more secure?

If a database stores password encrypted by using salt values, how are they stored? I read somewhere, it uses timestamps. So is the timestamp also stored? How about when a user tries to login next time, then how are timestamps considered?
Vinnie
0 votes, 1 answer

Which is the better way of generating a salt string?

Using T-SQL as per the snippets below, which method is superior (or is it a tie)? -- method 1: DIY SET @Salt = '' WHILE LEN(@Salt) < 72 BEGIN SET @Salt = @Salt + CHAR(CONVERT(INT, Floor(RAND() * (126.0 - 33 + 1) + 33))) END -- method 2:…
0 votes, 1 answer

Viability of an "Unconventional" Hashing Scheme?

I am playing around with the following hashing scheme: Start with a domain string (same for all users), Allow every user to mutate it in any way defining their own custom replacement rules, Append the user ID to the result of the above…
-1 votes, 1 answer

Why it seems to me common to say that a hash salt is "random"?

I'm not a cryptography expert. In this video, and in some other places on the web, I saw hash salts being called "random". But if the salt is created only once and then reused each time anew, that is, added before the password as H({S,P}) each…
user41937