Salt (cryptography)

Here is an incomplete example of a salt value for storing passwords. This first table has two username and password combinations. The password is not stored.

Username Password
user1 password123
user2 password123

The salt value is generated at random and can be any length, in this case the salt value is 8 bytes long. The salt value is appended to the plaintext password and then the result is hashed, this is referred to as the hashed value. Both the salt value and hashed value are stored.

Username Salt value String to be hashed Hashed value = SHA256 (Password + Salt value)
user1 E1F53135E559C253 password123E1F53135E559C253 72AE25495A7981C40622D49F9A52E4F1565C90F048F59027BD9C8C8900D5C3D8
user2 84B03D034B409D4E password12384B03D034B409D4E B4B6603ABC670967E99C7E7F1389E40CD16E78AD38EB1468EC2AA1E62B8BED3A

As the table above illustrates, different salt values will create completely different hashed values, even when the plaintext passwords are exactly the same. Additionally, dictionary attacks are mitigated to a degree as an attacker cannot practically precompute the hashes. However, a salt cannot protect common or easily guessed passwords.

In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase. Salts are used to safeguard passwords in storage. Historically a password was stored in plaintext on a system, but over time additional safeguards developed to protect a user's password against being read from the system. A salt is one of those methods.

A new salt is randomly generated for each password. In a typical setting, the salt and the password (or its version after key stretching) are concatenated and processed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the salt in a database. Hashing allows for later authentication without keeping and therefore risking exposure of the plaintext password in the event that the authentication data store is compromised.

Salts defend against a pre-computed hash attack, e.g. rainbow tables.[1] Since salts do not have to be memorized by humans they can make the size of the hash table required for a successful attack prohibitively large without placing a burden on the users. Since salts are different in each case, they also protect commonly used passwords, or those users who use the same password on several sites, by making all salted hash instances for the same password different from each other.

Cryptographic salts are broadly used in many modern computer systems, from Unix system credentials to Internet security.

Salts are closely related to the concept of a cryptographic nonce.

Salt (cryptography)的更多相关文章

  1. Web安全--使用Salt + Hash将密码加密后再存储进数据库

    转载原地址 http://www.bozhiyue.com/mianshiti/_net/2016/0728/314239.html (一) 为什么要用哈希函数来加密密码 如果你需要保存密码(比如网站 ...

  2. 转载 C#使用Salt + Hash来为密码加密

    转载 http://www.csharpwin.com/csharpspace/13412r9615.shtml (一) 为什么要用哈希函数来加密密码 如果你需要保存密码(比如网站用户的密码),你要考 ...

  3. C# 使用Salt+Hash来为密码加密

    (一) 为什么要用哈希函数来加密密码 如果你需要保存密码(比如网站用户的密码),你要考虑如何保护这些密码数据,象下面那样直接将密码写入数据库中是极不安全的,因为任何可以打开数据库的人,都将可以直接看到 ...

  4. [转]C#使用 Salt + Hash 来为密码加密

    本文转自:http://www.csharpwin.com/csharpspace/13412r9615.shtml (一) 为什么要用哈希函数来加密密码 如果你需要保存密码(比如网站用户的密码),你 ...

  5. SALT+HASH撒盐加密

    #region 撒盐加密 string salt = Guid.NewGuid().ToString(); byte[] passwordAndSaltBytes = System.Text.Enco ...

  6. [转]c# 对密码执行散列和 salt 运算方法

    本文转自:http://www.cnblogs.com/CnBlogFounder/archive/2008/07/04/1235690.html 大家对密码执行散列和Salt运算一定不陌生.两个Vi ...

  7. C# salt+hash 加密

    一.先明确几个基本概念 1.伪随机数:pseudo-random number generators ,简称为:PRNGs,是计算机利用一定的算法来产生的.伪随机数并不是假随机 数,这里的" ...

  8. .Net使用system.Security.Cryptography.RNGCryptoServiceProvider类与System.Random类生成随机数

    .Net中我们通常使用Random类生成随机数,在一些场景下,我却发现Random生成的随机数并不可靠,在下面的例子中我们通过循环随机生成10个随机数: ; i < ; i++) { Rando ...

  9. 密码学应用(DES,AES, MD5, SHA1, RSA, Salt, Pkcs8)

    目录 一.数据加密标准 - Data Encryption Standard(DES) 二.高级加密标准 - Advanced Encryption Standard(AES) 三.消息摘要算法第五版 ...

随机推荐

  1. win7激活不支持的启动引导分区完美解决方法

    前言: 激活win7显示不支持的启动引导分区怎么办?有用户使用暴风激活工具给win7 64位系统激活时,弹出Error提示框"不支持的启动引导分区". 这是因为传统的win7激活工 ...

  2. intellij idea svn不能更新和提交

    进入设置–version control – subversion如下图,将前边的选项的勾全部去掉,点击ok

  3. Oracle中除数为0的两种解决办法(decode与nullif)

    Oracle中Decode函数,语句DECODE(tag,''ZCGS'',0,1)=decode(''@corp-No@'',''6010'',1,0) decode(字段或字段的运算,值1,值2, ...

  4. mybatis实现MySQL数据库的增删改查之二

    这里直接附上代码: 1 package com.qijian.pojo; 2 3 import org.apache.ibatis.type.Alias; 4 5 6 public class Use ...

  5. OpenSUSE 使用基础

    OpenSUSE OpenSUSE 是一个基于 RPM 的发行版,这和 RHEL/CentOS 一致. 但是它的官方包管理器是专有的 zypper,挺好用的,软件也很新. 本文以 OpenSUSE L ...

  6. 【ASP.NET Core】Blazor 服务器端的 Base Path

    提到 Blazor,没准就会有人问:选用 Server 端还是 WebAssembly(客户端)?其实这个不用纠结,老周个人的原则是:Server 端优先.理由很单纯:服务器端虽然消耗服务器上的资源, ...

  7. Vue概述

    Vue.js是一套构建用户界面的渐进式框架,采用自底向上增量开发的设计.Vue的核心库关注于视图(html),不仅易上手,还便于与第三方库或项目整合. 渐进式:一步一步,不是将所有的东西都学完才能使用 ...

  8. MMDetection 快速开始,训练自定义数据集

    本文将快速引导使用 MMDetection ,记录了实践中需注意的一些问题. 环境准备 基础环境 Nvidia 显卡的主机 Ubuntu 18.04 系统安装,可见 制作 USB 启动盘,及系统安装 ...

  9. 温故而知新--day1

    温故而知新--day1 变量类型 变量是计算机存储数据的内存空间,由于计算机可以处理不同的数据,不同的数据就要定义不同的数据类型.python的数据类型很多,还可以自定义数据类型,常用的一般数据类型有 ...

  10. PHP将数据集转换成树状结构

    /** * 把返回的数据集转换成Tree * @param array $list 要转换的数据集 * @param string $pid parent标记字段 * @param string $l ...