Salt (cryptography)

Here is an incomplete example of a salt value for storing passwords. This first table has two username and password combinations. The password is not stored.

Username Password
user1 password123
user2 password123

The salt value is generated at random and can be any length, in this case the salt value is 8 bytes long. The salt value is appended to the plaintext password and then the result is hashed, this is referred to as the hashed value. Both the salt value and hashed value are stored.

Username Salt value String to be hashed Hashed value = SHA256 (Password + Salt value)
user1 E1F53135E559C253 password123E1F53135E559C253 72AE25495A7981C40622D49F9A52E4F1565C90F048F59027BD9C8C8900D5C3D8
user2 84B03D034B409D4E password12384B03D034B409D4E B4B6603ABC670967E99C7E7F1389E40CD16E78AD38EB1468EC2AA1E62B8BED3A

As the table above illustrates, different salt values will create completely different hashed values, even when the plaintext passwords are exactly the same. Additionally, dictionary attacks are mitigated to a degree as an attacker cannot practically precompute the hashes. However, a salt cannot protect common or easily guessed passwords.

In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes data, a password or passphrase. Salts are used to safeguard passwords in storage. Historically a password was stored in plaintext on a system, but over time additional safeguards developed to protect a user's password against being read from the system. A salt is one of those methods.

A new salt is randomly generated for each password. In a typical setting, the salt and the password (or its version after key stretching) are concatenated and processed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the salt in a database. Hashing allows for later authentication without keeping and therefore risking exposure of the plaintext password in the event that the authentication data store is compromised.

Salts defend against a pre-computed hash attack, e.g. rainbow tables.[1] Since salts do not have to be memorized by humans they can make the size of the hash table required for a successful attack prohibitively large without placing a burden on the users. Since salts are different in each case, they also protect commonly used passwords, or those users who use the same password on several sites, by making all salted hash instances for the same password different from each other.

Cryptographic salts are broadly used in many modern computer systems, from Unix system credentials to Internet security.

Salts are closely related to the concept of a cryptographic nonce.

Salt (cryptography)的更多相关文章

  1. Web安全--使用Salt + Hash将密码加密后再存储进数据库

    转载原地址 http://www.bozhiyue.com/mianshiti/_net/2016/0728/314239.html (一) 为什么要用哈希函数来加密密码 如果你需要保存密码(比如网站 ...

  2. 转载 C#使用Salt + Hash来为密码加密

    转载 http://www.csharpwin.com/csharpspace/13412r9615.shtml (一) 为什么要用哈希函数来加密密码 如果你需要保存密码(比如网站用户的密码),你要考 ...

  3. C# 使用Salt+Hash来为密码加密

    (一) 为什么要用哈希函数来加密密码 如果你需要保存密码(比如网站用户的密码),你要考虑如何保护这些密码数据,象下面那样直接将密码写入数据库中是极不安全的,因为任何可以打开数据库的人,都将可以直接看到 ...

  4. [转]C#使用 Salt + Hash 来为密码加密

    本文转自:http://www.csharpwin.com/csharpspace/13412r9615.shtml (一) 为什么要用哈希函数来加密密码 如果你需要保存密码(比如网站用户的密码),你 ...

  5. SALT+HASH撒盐加密

    #region 撒盐加密 string salt = Guid.NewGuid().ToString(); byte[] passwordAndSaltBytes = System.Text.Enco ...

  6. [转]c# 对密码执行散列和 salt 运算方法

    本文转自:http://www.cnblogs.com/CnBlogFounder/archive/2008/07/04/1235690.html 大家对密码执行散列和Salt运算一定不陌生.两个Vi ...

  7. C# salt+hash 加密

    一.先明确几个基本概念 1.伪随机数:pseudo-random number generators ,简称为:PRNGs,是计算机利用一定的算法来产生的.伪随机数并不是假随机 数,这里的" ...

  8. .Net使用system.Security.Cryptography.RNGCryptoServiceProvider类与System.Random类生成随机数

    .Net中我们通常使用Random类生成随机数,在一些场景下,我却发现Random生成的随机数并不可靠,在下面的例子中我们通过循环随机生成10个随机数: ; i < ; i++) { Rando ...

  9. 密码学应用(DES,AES, MD5, SHA1, RSA, Salt, Pkcs8)

    目录 一.数据加密标准 - Data Encryption Standard(DES) 二.高级加密标准 - Advanced Encryption Standard(AES) 三.消息摘要算法第五版 ...

随机推荐

  1. Autofac的基本使用---5、常用配置

    Autofac的基本使用---目录 创建实例方法 参考:http://www.cnblogs.com/manglu/p/4115128.html InstancePerDependency 对每一个依 ...

  2. Hyperledger fabric 链码篇GO(四)

    Hyperledger fabric 链码篇GO(四) fabric中的链码也就是我们区块链所认知的智能合约,fabric中可由nodejs,java,go编写,本篇只针对GO语言编写链码.将详细介绍 ...

  3. 初识Web Service

    Web Service 今天新接了一个小项目,要用webservice.把示例代码拿过来一看,我有点懵.这啥东西?虽然调试了一下,找猫画虎也算调成功了,但是对这个webservice还是不太了解. 下 ...

  4. vue3系列:vue3.0自定义弹框组件V3Popup|vue3.x手机端弹框组件

    基于Vue3.0开发的轻量级手机端弹框组件V3Popup. 之前有分享一个vue2.x移动端弹框组件,今天给大家带来的是Vue3实现自定义弹框组件. V3Popup 基于vue3.x实现的移动端弹出框 ...

  5. [leetcode]207. Course Schedule课程表

    在一个有向图中,每次找到一个没有前驱节点的节点(也就是入度为0的节点),然后把它指向其他节点的边都去掉,重复这个过程(BFS),直到所有节点已被找到,或者没有符合条件的节点(如果图中有环存在). /* ...

  6. JavaScript基础知识梳理

    一.简单数据类型 Number.String.Boolean.Undefined.Null 1.Number: 方法: toPrecision( ) 返回指定长度的数字(范围是1到100) toFix ...

  7. Elastisearch在kibana下常用命令总结

    1.获取所有数据 GET /_search 2.创建一个Document PUT /ecommerce/product/1 { "name" : "gaolujie ya ...

  8. 添加/删除/读写c盘文件——c#

    一.前言: 有时候我们为自己的程序添加配置文件,如tet.ini.xml等文件,又或者保存软件运行时的日志 当我们把软件打包后,默认安装在c盘,而配置文件也会跟随生成在安装目录下 此时你会发现,配置文 ...

  9. Lagom 官方文档之随手记

    引言 Lagom是出品Akka的Lightbend公司推出的一个微服务框架,目前最新版本为1.6.2.Lagom一词出自瑞典语,意为"适量". https://www.lagomf ...

  10. react项目中实现搜索关键字呈现高亮状态(一)

    最近有个需求,在一个react项目中,实现搜索关键字呈现高亮状态.这个在普通的html文件中还好操作些,在react项目中有点懵逼了,因为react项目中很少操作dom,有点无从下手.但最后还是实现了 ...