Password salting is the practice of adding a large random value (called “salt” in cryptography) to passwords stored in databases. Password salting makes it harder to reverse engineer leaked passwords in the event of a data breach.
Password salting is often used automatically with password hashing (running the plaintext password through a hashing algorithm) to better protect stored passwords. This combination of security measures is called “password hash salting.”
See also: hash chain, file hash, salting, rainbow table attack
Salting adds a random piece of data to the plaintext password before it is run through a hashing algorithm. For example, “password123” might become “password123%kjak(%)” after salting — in this case, “%kjak(%)” is the salt. Because the salt is applied before hashing and is different for each password, identical plaintext passwords produce different results.
Password salting is an important cybersecurity measure against attacks that manage to get past a database’s outer defenses. Without password salting, even password hashes can be reversed by hackers using rainbow table attacks and other cracking methods, given enough time.