Cryptographic salt
In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes a password or passphrase. The primary function of salts is to defend against dictionary attacks and pre-computed rainbow table attacks.
A new salt is randomly generated for each password. In a typical setting, the salt and the password are concatenated and processed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the salt in a database. Hashing allows for later authentication while defending against compromise of the plaintext password in the event that the database is somehow compromised.
Cryptographic salts are broadly used in many modern computer systems, from Unix system credentials to Internet security.

This is an excerpt from the article Cryptographic salt from the Wikipedia free encyclopedia. A list of authors is available at Wikipedia.
The article Cryptographic salt at en.wikipedia.org was accessed 399 times in the last 30 days. (as of: 11/20/2013)
Images on Cryptographic salt
Preview image:
Original:
Search results from Google and Bing
1
>30
1
Salt (cryptography) - Wikipedia, the free encyclopedia
In cryptography, a salt is random data that is used as an additional input to a one- way function that hashes a password or passphrase. The primary function of ...
en.wikipedia.org/wiki/Salt_(cryptography)
2
>30
2
encryption - Can you help me understand what a cryptographic "salt ...
Jan 30, 2012 ... I'm a beginner to cryptography and looking to understand in very simple terms what a cryptographic "salt" is, when I might need to use it, and ...
crypto.stackexchange.com/questions/1776/can-you-help-me-understand-what-a-cryptographic-salt-is
3
>30
3
cryptography - Password Hashing add salt + pepper or is salt ...
Apr 22, 2011 ... Like @WzeberaFFS said, there's no extra cryptographic strentgh coming from ' publishing' your salt like that. I'm thinking thought you're asking ...
security.stackexchange.com/questions/3272/password-hashing-add-salt-pepper-or-is-salt-enough
4
>30
4
Avoiding Password Breaches 101: Salt Your Hash – ReadWrite
Jun 7, 2012 ... Both hash and salt are cryptographic (code making or breaking) terms for functions that obfuscate passwords in a database, so they can't be ...
readwrite.com/2012/06/07/avoiding-password-breaches-101-salt-your-hash
5
>30
5
What is the difference between a cryptographic seed and salt? : crypto
Aug 7, 2013 ... I'm a beginner cryptographer, and am somewhat confused about the difference between the two. Could someone explain?
www.reddit.com/r/crypto/comments/1jx1n1/what_is_the_difference_between_a_cryptographic/
6
>30
6
Cryptographic signing | Django documentation | Django
¶. If you do not wish for every occurrence of a particular string to have the same signature hash, you can use the optional ...
docs.djangoproject.com/en/dev/topics/signing/
7
>30
7
What's the point of cryptographic salt if it's public? - Yahoo Answers
A salt doesn't necessarily protect you against a dictionary attack--just precalculated dictionary attacks (eg, rainbow tables). Rainbow tables are useful ...
answers.yahoo.com/question/index?qid=20130805162555AATk87z
8
>30
8
What does cryptography salt mean? - Yahoo Answers
OK, roughly ... It is a random number that is needed to access the encrypted data, along with the password. If an attacker does not know the password ...
answers.yahoo.com/question/index?qid=20090423113602AA5Jl6r
9
>30
9
ircmaxell's blog: Properly Salting Passwords, The Case Against ...
Apr 17, 2012 ... Therefore, the key is a cryptographic secret. In password hashing, the security of the algorithm is not impacted by the publicity of the salt.
blog.ircmaxell.com/2012/04/properly-salting-passwords-case-against.html
10
>30
10
How cryptographic salt works in linux - Ars Technica OpenForum
Apr 10, 2012 ... I understand the general concept of Cryptographic salt, but what I don't understand is ... That cryptographic hash is stored in the shadow file.
arstechnica.com/civis/viewtopic.php?f=16&t=1171622
Search results for "Cryptographic salt"
Google: approx. 297.000
Cryptographic salt in science
NaCl
NaCl (pronounced "salt") is a new easy-to-use high-speed software library for ... all of the core operations needed to build higher-level cryptographic tools. ... The core NaCl development team consists of Daniel J. Bernstein (University of Illinois  ...
[PDF]A Cryptography Application using Salt Hash Technique
Jun 20, 2013 ... Keywords: Salt, hashing, salt password, cryptography, SHA, web security. 1. ... 2&3Department of Computer Science, Sardar Patel University,.
[PDF]Anti-Disassembly using Cryptographic Hash Functions About the ...
John Aycock is an assistant professor at the University of Calgary in the Department .... In order to find a salt value, we simply compute the cryptographic hash of.
Cryptographic Salt: A Countermeasure against Denial-of-Service ...
Cryptographic salt: A Countermeasure against Denial-of-Service Attacks .... Information Security Research Centre, Queensland University of Technology, ...
[PDF]NaCl: Cryptography for the Internet - Peter Schwabe
Jan 21, 2013 ... Radboud University Nijmegen, The Netherlands. Joint work with ... Networking and Cryptography library (NaCl, pronounced “salt”). ▻ Aim: Fix ...
Salt (cryptography) - Wikipedia, the free encyclopedia
In cryptography, a salt is random data that is used as an additional input to a one- way function that hashes a password or passphrase. The primary function of ...
[PDF]Cryptographic Hash Functions - University of Waterloo
University of Waterloo ... Different from “provably-secure” cryptographic hash functions .... Forces attacker who doesn't know the salt a priori to compute all.
SJCL: a Javascript crypto library - Stanford Crypto Group
The Stanford Javascript Crypto Library is maintained on GitHub. ... SJCL was started by Emily Stark, Mike Hamburg and Dan Boneh at Stanford University.
BSc Mathematics, Cryptography and Network Security - University of ...
We enjoy particularly close links with California State University in Chico and the University of Utah in Salt Lake City, but our Study Abroad Office will help you ...
Mathematics, Cryptography and Network Security (with a ... - University
This 4-year mathematics, cryptography and network security degree ... with Utah State University (Salt Lake City, Utah) and California State University, Chico, but  ...
Books on the term Cryptographic salt
Computer Security and Cryptography
Computer Security and Cryptography
Alan G. Konheim, 2007
HIS CHAPTER describes several cryptographic applications: . The UNIX crypt(3) ... A Cryptographic salt consists of approximately 4096 1⁄4 212 randomly chosen bits, which are used to further “mix up” the Hash(UserPass_ID). The UNIX ...
TCP/IP Illustrated, Volume 1: The Protocols (2nd Edition) (Addison-Wesley Professional Computing Series)
TCP/IP Illustrated, Volume 1: The Protocols (2nd Edition) (Addison-Wesley Professional Computing Series)
Kevin R. Fall, 2011
“For an engineer determined to refine and secure Internet operation or to explore alternative solutions to persistent problems, the insights provided by this book will be invaluable.” —Vint Cerf, Internet pioneer TCP/IP Illustrated, Volume 1, Second Edition, is a detailed and visual guide to today’s TCP/IP protocol suite. Fully updated for the newe...
OS X Exploits and Defense: Own it...Just Like Windows or Linux!
OS X Exploits and Defense: Own it...Just Like Windows or Linux!
Paul Baccas, Kevin Finisterre, Larry H., 2011
Like kitchen salt, Cryptographic salt adds flavor to the mix. It effectively extends the length of the password, and potentially extends both its complexity and entropy. The simple addition of Salt, which adds random bits to the cryptographic  ...
Hacking Web Apps: Detecting and Preventing Web Application Security Problems
Hacking Web Apps: Detecting and Preventing Web Application Security Problems
Mike Shema, 2012
How can an information security professional keep up with all of the hacks, attacks, and exploits on the Web? One way is to read Hacking Web Apps. The content for this book has been selected by author Mike Shema to make sure that we are covering the most vicious attacks out there. Not only does Mike let you in on the anatomy of these attacks, but h...
Dynamic Cryptographic Hash Functions
Dynamic Cryptographic Hash Functions
William Robert Speirs (II.), 2007
5.5 Provisions for Adding Salt A salt value helps to prevent precomputation of collisions for a specific hash function. While the security parameter attempts to provide this type of security, the domain of the security parameter may not be large ...
Official (ISC)2 Guide to the SSCP CBK, Second Edition ((ISC)2 Press)
Official (ISC)2 Guide to the SSCP CBK, Second Edition ((ISC)2 Press)
2010
The (ISC)²® Systems Security Certified Practitioner (SSCP®) certification is one of the most important credentials an information security practitioner can have. Having helped thousands of people around the world obtain this distinguished certification, the bestselling Official (ISC)2 Guide to the SSCP CBK® has quickly become the book that many of ...
Professional Ruby on Rails
Professional Ruby on Rails
Noel Rappin, 2008
If you aren't familiar with encryption and passwords, then the inclusion of a user data attribute called salt probably raised ... Salt is a cryptographic term for a random or semi-random sequence that is input to a cryptographic algorithm along with ...
Cryptographic Protocol: Security Analysis Based on Trusted ...
Cryptographic Protocol: Security Analysis Based on Trusted ...
Ling Dong, Kefei Chen, 2012
Each password, upon initial entry, may be augmented with a t-bit random string called a salt before applying the one-way function. Both the hashed password and the salt are recorded in the password file. When the user subsequently enters a ...
Hacking Exposed Windows: Microsoft Windows Security Secrets and Solutions, Third Edition
Hacking Exposed Windows: Microsoft Windows Security Secrets and Solutions, Third Edition
Joel Scambray, 2007
The latest Windows security attack and defense strategies"Securing Windows begins with reading this book." --James Costello (CISSP) IT Security Specialist, Honeywell Meet the challenges of Windows security with the exclusive Hacking Exposed "attack-countermeasure" approach. Learn how real-world malicious hackers conduct reconnai...
Development of Google searches


Blog posts on the term
Cryptographic salt
passwords - Salt usage for Spring security? - Information Security Stack Exchange
security.stackexchange.com/questions/47276/salt-usage-for-spring-security
Troy Hunt: OWASP Top 10 for .NET developers part 7: Insecure Cryptographic Storage
This entire series is now available as a Pluralsight course. And also as a free eBook.
www.troyhunt.com/2011/06/owasp-top-10-for-net-developers-part-7.html
Hack of MacRumors forums exposes password data for 860,000 users (Wired UK)
MacRumors user forums have been breached by hackers who may have acquired cryptographically protected passwords belonging to all 860,000 users, one of the top editors of the news website said Tuesday evening
www.wired.co.uk/news/archive/2013-11/13/mac-rumours-forums-hacked
from one year to the next yz | 9to5Fresh
“The change is incredible, it really is, from one year to the next,” Miller said during a stop on Arizona’s “Road Tour” at Chase Field. “I don’t believe it’s (just) in the Pac12, I don’t think it’s in the state of Arizona.
www.9to5fresh.com/2014/01/from-one-year-to-the-next-yz/
How to store user passwords using variable length random salt bytes with secure SHA512 cryptographic hashing functions - Nikhil Singhal's Blog - Site Home - MSDN Blogs
blogs.msdn.com/b/nikhilsi/archive/2012/05/27/how-to-store-user-passwords-using-variable-length-random-salt-bytes-with-secure-sha512-cryptographic-hashing-functions.aspx
Anatomy of a password disaster – Adobe’s giant-sized cryptographic blunder | Naked Security
Learn how cryptanalysts think, and why cryptographers feel such terrible dismay when companies that really ought to know better make mammoth mistakes. Paul Ducklin deconstructs the data leaked in Adobe's latest megabreach...
nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/
Schneier on Security: Cryptographic Blunders Revealed by Adobe's Password Leak
www.schneier.com/blog/archives/2013/11/cryptographic_b.html
Protect Data by Preventing Insecure Cryptographic Storage - InfoSec Institute
resources.infosecinstitute.com/protect-data-by-preventing-insecure-cryptographic-storage/
node.js - SALT and HASH password in nodejs w/ crypto - Stack Overflow
stackoverflow.com/questions/17201450/salt-and-hash-password-in-nodejs-w-crypto
Avoiding Password Breaches 101: Salt Your Hash – ReadWrite
“Change your passwords now. Like, every password you use on every website you have ever visited.” You may have heard this advice from tech publications and mainstream rags after password leaks were discovered at LinkedIn, eHarmony and Last.fm. It is a good idea to change passwords at least a couple times a year anyway. But the problem does…
readwrite.com/2012/06/07/avoiding-password-breaches-101-salt-your-hash
123