the.com/salting
adding chaos on purpose so nobody can precompute your secrets in advance.
means appending a random unique value to data (usually a password) before hashing it, so identical inputs produce different outputs.
from literal salt curing meat: unpredictable variation that keeps things from spoiling in the same predictable way, borrowed by cryptographers in the 1970s unix password system.
defeats: rainbow table attacks by making precomputed hashes useless
unix origin: 1976, robert morris sr added salts to crypt()
not secret: salts are stored in plaintext right next to the hash
size matters: modern salts run 16 bytes or more, random per user
for instance
unix crypt — 1976, first widespread password salting implementation
bcrypt — 1999 algorithm with salting baked directly into its output format
linkedin 2012 breach — 6.5m passwords leaked unsalted, cracked within days
django framework — auto-salts every password hash by default since 2013
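
in code (an added example, not taken from any of the projects named above): a 16-byte random salt per user, stored in plaintext next to the hash, checked against a precomputed table of unsalted hashes. the `salt$hash` record layout, the pbkdf2 work factor and the wordlist are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
from typing import Optional

SALT_BYTES = 16        # "16 bytes or more, random per user"
ITERATIONS = 100_000   # assumed work factor for this example only

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$hash_hex'. The salt is not secret and sits beside the hash."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$")
    salt = bytes.fromhex(salt_hex)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate.hex(), digest_hex)

def unsalted(password: str) -> str:
    """The weak scheme: same input always gives the same output."""
    return hashlib.sha256(password.encode()).hexdigest()

def precomputed_table(wordlist):
    """Hash-to-password lookup built once and reused, as a rainbow table would be."""
    return {unsalted(word): word for word in wordlist}

# constructed sample data
WORDLIST = ["123456", "password", "hunter2"]

def demo():
    table = precomputed_table(WORDLIST)
    alice = hash_password("hunter2")
    bob = hash_password("hunter2")  # same password, different user
    return {
        "unsalted_found_in_table": table.get(unsalted("hunter2")),
        "salted_found_in_table": table.get(alice.split("$")[1]),
        "same_password_same_record": alice == bob,
        "alice_verifies": verify_password("hunter2", alice),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

the salt slows nothing down on its own; it only forces the guessing work to be redone per user instead of once for everyone.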