Blockchain & Cryptocurrency Glossary

Salt

Pronunciation
[sawlt]
Analogy
Imagine you have a secret recipe (your password). Before writing it down in a coded form (hashing it), you add a unique, randomly chosen extra ingredient (the salt) picked for that specific recipe. Even if someone else uses the exact same base recipe, their coded version will look completely different because their extra ingredient is different. Each time a new password is set, a new ingredient is chosen.
Definition
A random string of data that is added to an input (like a password) before it is hashed. Salts are used to prevent pre-computation attacks such as rainbow table attacks, ensuring that identical inputs produce different hashes.
Key Points Intro
Salts enhance password security by making pre-computed hash attacks ineffective.
Key Points

  • A unique, random value added to each password before hashing.
  • Ensures that two users with the same password will have different stored hash values.
  • Protects against rainbow table attacks (precomputed tables of hashes).
  • Typically stored alongside the hashed password in a database.

Example
When you create an account on a website, the system generates a unique salt for your password. It combines your password with this salt and then hashes the result. If another user happens to choose the same password, their password will be combined with a *different* unique salt, so the stored hash will be different, making it much harder for attackers who steal the database to crack passwords using precomputed lists.
Technical Deep Dive
A salt should be unique for each password and generated with a cryptographically secure random number generator. When a user attempts to log in, the system retrieves their salt from the database, combines it with the entered password, hashes the result, and compares it to the stored hash. Because the salt is different for each user, an attacker cannot simply hash common passwords once and compare them against all entries in a stolen password database. They would have to recompute the hash of each password guess *for each unique salt*, drastically increasing the computational cost of cracking passwords. Salts are distinct from peppers, which are system-wide secret keys added to passwords before hashing; a pepper provides an additional layer of security if the database of salts and hashes is compromised but the pepper remains secret.
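The registration and login flow described above as a runnable sketch; this is an added example, not code from the glossary. It assumes PBKDF2-HMAC-SHA256 from Python's standard library as the hash (the page does not name one), and the function names, work factor and `iterations$salt$hash` record format are illustrative.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
SALT_BYTES = 16       # 128-bit salt drawn from the OS CSPRNG


def hash_password(password: str) -> str:
    """Create a storable record with a fresh salt kept next to the hash."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        iterations_s, salt_hex, hash_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations_s)
        )
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two users who happen to choose the same password.
    db = {
        "alice": hash_password("correct horse"),
        "bob": hash_password("correct horse"),
    }
    for user, record in db.items():
        print(user, record)
    # Same password, different salts, so the stored records differ.
    print("records identical:", db["alice"] == db["bob"])
    print("alice login ok:", verify_password("correct horse", db["alice"]))
    print("wrong guess ok:", verify_password("battery staple", db["alice"]))
```

Because the salt is read back from the record itself, a precomputed table built without that salt cannot be matched against the stored hash.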
Security Warning
Salts must be sufficiently long and random to be effective. Storing the salt publicly (e.g., in the same database record as the hashed password) is standard practice and does not compromise its effectiveness against pre-computation attacks, as its purpose is to ensure hash uniqueness, not to be a secret itself.
