SOC Experts Community - Beta
1 like 0 dislike
77 views
in Security Concepts by (370 points)

1 Answer

4 like 0 dislike
by (1.8k points)

Password Salting

To make each hashed password in a database unique, we add something called a salt to the input to the hash function. A salt is basically some random data that is unique to each user, that is saved with their password and used in the hashing process for both storing and verifying the password.


Why is this effective?

"They work by adding an extra secret value to the end of the input, extending the length of the original password".

Every user now has something that is unique to them, that is added on to their password before it is hashed and stored in the database. Now, if someone were to try to compare the database password hashes with a list of common password hashes – none of the hashes would match, even if users had used common passwords in the attacker's list.

Example,

Say your password is rocky and the salt value is i.love.salt. The hash value would be made up from both of these together: rockyi.love.salt. This provides some protection for those people who use common words as their password.
