Questions tagged [salt]

A salt is a random addition to a password that makes the hashed password less susceptible to a lookup table attack.

In cryptography, a salt consists of random bits, creating one of the inputs to a one-way hashing function. The other input is usually a password or passphrase. This salt can be stored with the hashed password.

The benefit provided by using a salted password is making a lookup table assisted dictionary attack against the stored values impractical, provided the salt is large enough.

378 questions
15 votes, 3 answers

How to authenticate a salted password?

If only the password hash is stored and the user inputs the original password, how does the program know that it is correct? I guess it could check all the possible salts, but if there are 32-bit salts then the program has to check all 2^32 salts…
Charles
3 votes, 3 answers

Where to store the salt for "crypto_pwhash" in a web application with no local storage

I am developing a web application which stores encrypted data on a server. I want to derive the encryption key as well as the login key from a single user password, so I want to use libsodium's crypto_pwhash to generate a long enough key, that I can…
Nathan
2 votes, 4 answers

Random salt - necessary for a single user?

Based on: https://security.stackexchange.com/a/33520/42220 and https://security.stackexchange.com/a/41630/42220 I can see the benefits of a completely random salt per user. If I am implementing an application that will only ever be used by one user…
1 vote, 1 answer

Does recalculating per-user salt every time a user changes password make any difference?

I have set it up so that when my users change their password, the salt is recomputed. Besides hiding the fact that they may change their password to the same thing (I am checking that by first hashing their new pwd with the old salt) it doesn't…
JoSSte
1 vote, 0 answers

Salt id number within the WSN

I am working on a project in wireless sensor networks security, and I would like to use a salt number as an ID for my nodes within the network. Does anyone know how to do it?
1 vote, 2 answers

At what table size does salt reuse make rainbow tables cost effective?

While I know that salt should never be reused, I'm interested in whether it is a significant problem if we only have a small number of hashes for which it is reused. So let's say we have a table with N password hashes for which the same salt is…
sashoalm