Mon. Jan 23rd, 2023

Cryptographic salt

A necessary feature of encryption algorithms is that they are predictable. It would be no use if the same file generated various different outputs.

It is this predictability that is also a weakness. When encryption is used for shorter pieces of data (email addresses, passwords etc) there is a high likelihood of multiple people having the same data to be encrypted.

Good practise is to store the hash of a password in a database rather than the actual password: this way, if the database security is breached, the attacker can’t read the passwords of your users from the database. However, every user who has the same password will have the same password hash.

This means once one password is cracked, all other passwords with the same hash are known.

Salting is a process where an additional value is incorporated into the algorithm, and this value is unique for each record. By adding a random element, all hash values will now be different, even if the original data was the same. This obviously makes potential data breaches less catastrophic.