What is Password Salting?
August 15, 2024
Introduction
Passwords are used to maintain access to important things, such as bank accounts and websites. They are the first line of protection for our information. There are three ways that a password can be stored: plaintext, encryption, and hashing. Password salting is one of many techniques that fall under hashing, but its importance can’t be overstated.
How It Works
When a password is created, a random “salt”, a string of characters, is added to it before it is run through the hashing algorithm. For example, if your password is “cyber”, the salt could be “$Y1p” and would be stored alongside the username. The string that is hashed and stored would then be “cyber$Y1p”. Because every user gets a different salt, each stored hash is unique, which makes the hashes harder for hackers to break. A key feature of hashing is that it is essentially a one-way process: data can be hashed, but reversing a hash back to its input is computationally infeasible. This means that if the password store is compromised, the hacker sees only the hashed values.
When a user logs in, the salt stored with the username is added to the entered password automatically. The input then goes through the same process: the salt is appended, the result is hashed, and that hash is compared with the value already stored. If the hashes differ, the entered password is incorrect. If they match, the entered password is correct and the user gains access to their account.
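The registration and login flow described above, as an added example that is not code from the original article. It assumes a 16-byte salt from a CSPRNG and, in place of the single hash the article describes, uses PBKDF2-HMAC-SHA256 (an iterated salted hash) as the hashing step; the record layout and parameter values are assumptions for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Tunable parameters (assumed for this example, not values from the article).
SALT_BYTES = 16
ITERATIONS = 200_000
HASH_NAME = "sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> dict:
    """Return the record stored next to the username: salt, cost, and hash.

    The salt is generated fresh for each user and stored in the clear; it
    only needs to be unique, not secret.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    # PBKDF2 mixes the salt into every iteration, so the same password with
    # a different salt yields an unrelated hash.
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Re-run the stored salt and cost over the candidate and compare hashes."""
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                                    salt, record["iterations"])
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def same_password_distinct_hashes(password: str) -> bool:
    """Two users who pick the same password end up with different stored hashes."""
    a = hash_password(password)
    b = hash_password(password)
    return a["salt"] != b["salt"] and a["hash"] != b["hash"]


if __name__ == "__main__":
    record = hash_password("cyber")  # "cyber" is the article's sample password
    print(record)
    print(verify_password("cyber", record))        # True
    print(verify_password("Cyber", record))        # False
    print(same_password_distinct_hashes("cyber"))  # True
```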
Benefits
Salting is a safer way to store passwords than plain text storage. It makes it harder for hackers to recover account passwords from a stolen database. If two users choose the same password, the random salt is different for each user, so the two stored hashes are completely different. This protects both passwords and both accounts, as the hacker cannot tell from the hashes that the two passwords are the same, and cracking one does not reveal the other.
Salting minimizes the effectiveness of several types of attacks:
Brute-force attacks. In this attack, hackers try every possible password combination. This method of trial and error is used to guess common passwords, logins, and encryption keys. Salting protects against these attacks because each stored hash has its own salt, so a guess cannot be checked against every stored hash at once and the hacker cannot recover the original password from the stored hashes alone.
Dictionary attacks. These attacks are a type of brute-force attack in which the hackers run through a list of commonly used words, phrases, and combinations to try to guess a password. With salting, the list has to be hashed again for every user's salt, so the password is harder to guess and takes longer to crack.
Rainbow Table attacks. A rainbow table is used to guess the passwords in a database. The rainbow table is a precomputed table that contains a hash value for each common password. Hackers who gain access to the list of password hashes can crack all the passwords with a rainbow table by comparing the hashes they obtain with their table. With salting, the hacker would have to create a different rainbow table for each salt, making this kind of attack much harder.
Conclusion
Salting is a good hashing technique for password storage and confidentiality. It strengthens security and protects against several attacks. The uniqueness of each salt protects every account that is created, whether or not its password is shared with another account. Knowing how salting works can provide companies with an additional layer of protection for their users against attacks.