Learn to Code via Tutorials on Repl.it

Salting - what is it?
SixBeeps (1032)

In cryptography, salting is the process of adding a random string of bytes to the end of a string before it passes through encryption, to make it harder to get the original string back. Why is this useful? Well, for example, let's say you have a list of usernames and passwords, and two users have the exact same password. If you leave the passwords unsalted, the results of encrypting them are going to be the same as well, so the same data is stored for both users. When you salt them, however, the salt adds variation to the input, so they are stored as different values.

Salting has been implemented in a number of ways. On Unix systems, passwords stored in /etc/passwd are salted beforehand, as the file was readable by users

Below is an example of what salting does paired with SHA-256.
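
As an added example (not the original post's code), the Python below shows that effect: two users with the same password get identical SHA-256 digests when unsalted and different ones once a random per-user salt is appended, and a login check still works because the salt is stored next to the digest. The usernames, the password and the 16-byte salt length are constructed for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

SALT_BYTES = 16  # assumed salt length for this example


def unsalted_hash(password: str) -> str:
    """SHA-256 of the password alone: equal passwords give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes | None = None) -> tuple[bytes, str]:
    """Append a salt to the password bytes, then hash with SHA-256.

    Returns (salt, digest). The salt is not secret; it is stored with the digest.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.sha256(password.encode("utf-8") + salt).hexdigest()
    return salt, digest


def verify(password: str, salt: bytes, stored_digest: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def build_table(users: dict[str, str]) -> dict[str, tuple[bytes, str]]:
    """Build a username -> (salt, digest) table, one fresh salt per user."""
    return {name: salted_hash(pw) for name, pw in users.items()}


if __name__ == "__main__":
    # Constructed sample data: two users sharing one password.
    users = {"alice": "hunter2", "bob": "hunter2"}
    for name, pw in users.items():
        print(f"unsalted {name}: {unsalted_hash(pw)}")
    table = build_table(users)
    for name, (salt, digest) in table.items():
        print(f"salted   {name}: salt={salt.hex()} digest={digest}")
    print("bob login ok:   ", verify("hunter2", *table["bob"]))
    print("wrong password: ", verify("hunter3", *table["bob"]))
```

Plain SHA-256 is used here only to match the post; password storage in practice uses a deliberately slow function such as `hashlib.scrypt` or `hashlib.pbkdf2_hmac`, both of which take the salt as a parameter.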

Giothecoder (114)

Wait, but then how is it useful anymore? I’m kinda confused. I know about hash functions, so I know there are advantages to have an impossible-to-decrypt piece of data, but if you add some random bytes, any advantages that I can think of kinda don’t work anymore. So. How does it still help?

Edit: oh nvm still that doesn’t seem super safe still