Salting

A salt is a random, unique string generated for each stored password. The salt is combined with the cleartext input (for example, appended or prepended to it), and the hash is then computed over the combined string. This matters because, for a given hashing algorithm, the same password always produces the same hash unless a salt is used, so without salting an attacker can hash a list of common passwords once and look stored hashes up in that precomputed table.

A further consequence of salting is that another user of the same machine could choose the same password as we did, but they would receive a different salt and therefore a different stored hash. Identical passwords can no longer be spotted by comparing hashes, and each stored hash has to be attacked separately.

EXAMPLE

We know that our weak password openup produces the MD5 hash fd9edfb25da9042f7c56353956af97a3. If we prepend a random salt to the password, we obtain a different hash value. For example, let's add the salt om3b2x, separated from the password by a colon. The string om3b2x:openup produces the MD5 hash 4cfd6c245eca0bd0af0851105a117a25. Note that the salt is stored next to the hash and is not a secret: what the attacker loses is the precomputed table for the unsalted value, so every salted hash has to be cracked on its own. MD5 is used here only to illustrate the mechanism; it is a fast general-purpose hash, and a real system should store passwords with a slow, salted password hashing function such as bcrypt, scrypt, Argon2 or PBKDF2.
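The following Python is an added example and not part of the original note. It reproduces the page's salt:password MD5 scheme with the page's own salt and password, generates fresh per-user salts from the OS random source, and goes one step beyond the text by showing the hardened form a practitioner would actually store: salted PBKDF2-HMAC-SHA256 with the salt kept alongside the digest. The "salt$digest" storage format, the 600,000 iteration count and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample values taken from the note's example.
PASSWORD = "openup"
SALT = "om3b2x"


def md5_hex(data: str) -> str:
    """Unsalted MD5 of a string, as in the note's first hash."""
    return hashlib.md5(data.encode()).hexdigest()


def salted_md5(salt: str, password: str) -> str:
    """The note's scheme: prepend the salt with a ':' separator, then MD5.
    Mirrors the text only; MD5 is far too fast to protect passwords."""
    return md5_hex(f"{salt}:{password}")


def new_salt(nbytes: int = 16) -> str:
    """Fresh, unpredictable per-user salt from the OS CSPRNG."""
    return secrets.token_hex(nbytes)


def hash_password(password: str, salt: Optional[str] = None) -> str:
    """Hardened form (beyond the note): salted PBKDF2-HMAC-SHA256.
    Returns 'salt$hexdigest' (assumed format) so the salt is stored next
    to the digest; the salt is not a secret, the iteration count is what
    slows the attacker down."""
    if salt is None:
        salt = new_salt()
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), 600_000
    )
    return f"{salt}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, _ = stored.split("$", 1)
    return hmac.compare_digest(hash_password(candidate, salt), stored)


def same_password_two_users(password: str) -> tuple:
    """Two users who pick the same password get different salts and
    therefore different stored values."""
    return hash_password(password), hash_password(password)


if __name__ == "__main__":
    print("unsalted MD5 :", md5_hex(PASSWORD))
    print("salted MD5   :", salted_md5(SALT, PASSWORD))
    stored = hash_password(PASSWORD)
    print("PBKDF2 record:", stored)
    print("verify ok    :", verify_password(stored, PASSWORD))
    print("verify wrong :", verify_password(stored, "openUp"))
    a, b = same_password_two_users(PASSWORD)
    print("same pw, different records:", a != b)
```

Running it shows the two MD5 values differ and that two records for the same password never match; on login the stored salt is split off and the candidate password is rehashed with it, so the salt never needs to be kept secret.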


Relevant Note(s): Hashing