Salt (Password)
A unique, random value mixed into a password before hashing so identical passwords produce different hashes, defeating precomputed rainbow tables and cross-account collisions.
A salt is a per-password random value (typically 16+ bytes) concatenated with the password before it hits the hash function. Two users with the same password get two completely different stored hashes, which kills the economics of rainbow tables and prevents an attacker from spotting password reuse across accounts in one stolen database. Salts are not secret; they are stored alongside the hash so the same derivation can be reproduced at verification time. Modern password hashing functions (Argon2, bcrypt, scrypt, PBKDF2) all take a salt parameter and bake it into their standard encoded output, so the application rarely has to handle salts directly.
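The behaviour described above, as an added example that is not part of the original page: an unsalted hash collides for identical passwords, while a fresh salt per password gives distinct records that still verify. PBKDF2 from the Python standard library stands in for the functions listed; the names `hash_password` and `verify_password`, the `scheme$iterations$salt$hash` layout and the iteration count are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000   # constructed work factor for this example
SALT_BYTES = 16        # per-password random salt, as described above


def unsalted_hash(password: str) -> str:
    """Plain digest with no salt: equal passwords give equal output."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a hash and return it with its salt in one encoded record."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([
        "pbkdf2_sha256",
        str(ITERATIONS),
        base64.b64encode(salt).decode("ascii"),  # salt is stored, not secret
        base64.b64encode(dk).decode("ascii"),
    ])


def verify_password(password: str, encoded: str) -> bool:
    """Re-run the derivation with the stored salt and compare."""
    try:
        scheme, iterations, salt_b64, hash_b64 = encoded.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(dk, expected)  # constant-time comparison


if __name__ == "__main__":
    # Constructed sample: two accounts that chose the same password.
    alice, bob = hash_password("hunter2"), hash_password("hunter2")
    print("unsalted equal:", unsalted_hash("hunter2") == unsalted_hash("hunter2"))
    print("salted equal:  ", alice == bob)
    print("alice verifies:", verify_password("hunter2", alice))
```
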
Referenced on
- APR1 Generator
- Argon2 Hash Generator
- Bcrypt Generator & Verifier
- Django Password Hash Generator
- DNS Zone Walking at the TLD Level: How Attackers Discover Every Domain in a TLD
- DNS Zone Walking for Subdomain Enumeration: How NSEC Exposes Your Subdomains
- Drupal Password Hash Generator
- HTPasswd Generator Free Online
- Linux Shadow Hash Generator
- MySQL Password Hash Generator Free Online
- NTLM Hash Generator
- PBKDF2 Generator
- PostgreSQL Password Hash Generator
- WordPress Password Hash Generator