What is salting in password security?
D5 · Crypto · CompTIA Security+ SY0-701
Salting adds a unique random value (the salt) to each password before it is hashed. The salt is stored alongside the hash and makes identical passwords produce different hashes, defeating precomputed attacks.
Without salt: password "hunter2" always hashes to the same value → rainbow table lookup works.
With salt: "hunter2" + random salt = unique hash every time → rainbow tables useless.
Key stretching algorithms like bcrypt, scrypt, and Argon2 incorporate salting and make hashing computationally expensive to slow brute-force attacks.
Salts prevent rainbow table attacks and pre-computation. bcrypt/scrypt/Argon2 are the correct modern password hashing algorithms. MD5 and SHA-1 are NOT suitable for passwords: too fast and unsalted by default.