Overview
Salting is a technique used to defend against dictionary attacks and rainbow table attacks. A 'salt' is a random string of data that is appended to a password before it is passed through a hash function.
How it Works
- User creates a password.
- The system generates a unique, random salt for that user.
- The salt is combined with the password (e.g., password + salt).
- The combined string is hashed.
- The salt and the resulting hash are stored in the database.
Why it's Effective
Even if two users have the same password, their hashes will be different because their salts are different. This makes it impossible for an attacker to use a single pre-computed table to crack many passwords at once.