Salt (cryptography)

In cryptography, a salt consists of random bits that form one of the inputs to a one-way function. The other input is usually a password or passphrase. The output of the one-way function can be stored (alongside the salt) rather than the password, and still be used for authenticating users. The one-way function typically uses a cryptographic hash function. A salt can also be combined with a password by a key derivation function such as PBKDF2 to generate a key for use with a cipher or other cryptographic algorithm.

In a typical usage for password authentication, the salt is stored along with the output of the one-way function, sometimes along with the number of iterations to be used in generating the output (for key stretching).

Early Unix systems used a 12-bit salt, but modern implementations use larger lengths from 48 to 128 bits.

A salt is closely related to the concept of a nonce.

The benefit provided by using a salted password is that it makes a lookup-table-assisted dictionary attack against the stored values impractical, provided the salt is large enough. That is, an attacker would not be able to create a precomputed lookup table (i.e. a rainbow table) of hashed values (password + salt), because it would require a large computation for each salt. A simple dictionary attack is still very possible, although much slower, since it cannot be precomputed.
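The following is an added example, not code from the article, showing the scheme described above end to end: a fresh random salt is drawn per password, PBKDF2 (with an iteration count for key stretching) is applied, and the salt, iteration count and digest are stored together so the check can be recomputed later. It also shows why a table precomputed without the salt never matches a salted digest, and why matching requires recomputing the table for that one salt. The record format, the 128-bit salt length, SHA-256 and the iteration count are choices made for this example, not values prescribed by the article.

```python
import os
import hashlib
import hmac
from typing import Dict, Iterable, Optional

# Parameters assumed for this example (not prescribed by the article).
SALT_BYTES = 16          # 128-bit salt, within the 48-128 bit range the article cites
ITERATIONS = 600_000     # key-stretching iteration count stored with each record
HASH_NAME = "sha256"


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """The one-way function: PBKDF2-HMAC over the password and salt."""
    return hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)


def create_record(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Build the value stored instead of the password: algorithm, iterations, salt, digest."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # fresh random salt for every password
    digest = derive(password, salt, iterations)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the one-way function from the stored salt and iterations, then compare."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != f"pbkdf2_{HASH_NAME}":
        return False
    candidate = derive(password, bytes.fromhex(salt_hex), int(iterations))
    # constant-time comparison so the check itself leaks nothing about the digest
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def stored_digest(record: str) -> str:
    """Return the digest part of a stored record (hex)."""
    return record.split("$")[3]


def lookup_table(wordlist: Iterable[str], salt: bytes, iterations: int) -> Dict[str, str]:
    """Precomputed digest -> password map for one salt.

    With salt=b"" this is the unsalted table a rainbow table would hold; with a
    specific salt it is the per-salt recomputation the article says is required.
    """
    return {derive(word, salt, iterations).hex(): word for word in wordlist}


if __name__ == "__main__":
    # Constructed demo values: same password, two records, two different salts.
    a = create_record("correct horse")
    b = create_record("correct horse")
    print("records differ:", a != b)               # True: different salts
    print("verify a:", verify("correct horse", a))  # True
    print("verify b:", verify("correct horse", b))  # True
    print("wrong pw:", verify("wrong", a))          # False

    words = ["correct horse", "hunter2", "letmein"]  # constructed toy wordlist
    unsalted = lookup_table(words, b"", ITERATIONS)
    print("unsalted table hits salted digest:", stored_digest(a) in unsalted)  # False
    per_salt = lookup_table(words, bytes.fromhex(a.split("$")[2]), ITERATIONS)
    print("table rebuilt for this salt hits:", stored_digest(a) in per_salt)   # True
```

Storing the iteration count in the record is what lets the count be raised later without invalidating older records; each record is verified with the parameters it was created under, and can be re-hashed on the next successful login.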
