Hashing is used to store passwords for authentication: the server keeps a hash of each password rather than the password itself, and salting is an extra step during hashing that makes this storage more secure. Without a salt, two users who choose the same password end up with the same password hash, so cracking one hash reveals both passwords and an attacker can see at a glance which accounts share a password. A salt is a random sequence of bytes supplied as an extra input alongside the password before hashing, so the same password produces a different hash for each user. Salting also defeats lookup tables and rainbow tables: a lookup table is a precomputed table of hashes for likely passwords that lets an attacker check many hashes per second, and a rainbow table is a space-efficient variant of the same idea. Both depend on the hash of a given password being the same everywhere, which a per-user salt breaks.
Implementation of Salting:
The following guidelines apply when implementing salting:
- The salt should be as long as the hash function's output (32 bytes for SHA-256); a salt of at least 16 bytes is also widely considered adequate.
- In a web application, always hash on the server. Hashing only in the browser turns the hash itself into the password.
- Generate a new, unique salt for every user's password, and generate a fresh one whenever the password changes.
A Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) is the right tool for producing the salt. Its output is unpredictable to an attacker, unlike an ordinary pseudo-random generator seeded from the clock, whose output can be reproduced.
To store a password:
- Use CSPRNG (Cryptographically Secure Pseudo-Random Number Generator) to produce a salt.
- Prepend the salt to the password.
- Hash the salted password. This article uses a single SHA-256 here; note that SHA-256 is a fast hash, so on its own it still lets an attacker test billions of guesses per second (see key stretching below).
- Save the hash and the salt.
To validate a password:
- Retrieve the user's salt and stored hash from the database.
- Prepend the salt to the submitted password and hash it the same way.
- Compare the computed hash to the stored one, using a constant-time comparison so that timing does not leak how many bytes matched.
- If the hashes do not match, the password is incorrect.
Key stretching can also be used to defend against brute-force attacks. It makes hashing deliberately slow, for example by iterating the hash many thousands of times as PBKDF2 does, or by using bcrypt, scrypt or Argon2, so that high-end hardware capable of computing billions of plain hashes per second becomes far less effective.
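The store and validate procedures above, together with key stretching, as an added example (not code from the original article). It uses Python's `secrets` module as the CSPRNG, the article's salt-then-SHA-256 scheme as a legacy option, PBKDF2-HMAC-SHA256 from `hashlib` for the stretched option, and `hmac.compare_digest` for the constant-time comparison. The record layout, function names, the 32-byte salt size and the iteration count of 600,000 (the figure the OWASP Password Storage Cheat Sheet recommends for PBKDF2-HMAC-SHA256) are choices made for this example, not requirements from the article.

```python
import hashlib
import hmac
import secrets

# Example parameters (assumptions, not taken from the article).
SALT_BYTES = 32              # same length as the SHA-256 output, as the article suggests
PBKDF2_ITERATIONS = 600_000  # OWASP-recommended work factor for PBKDF2-HMAC-SHA256


def generate_salt(n_bytes: int = SALT_BYTES) -> bytes:
    """Fresh salt from the OS CSPRNG; never reuse one across users or resets."""
    return secrets.token_bytes(n_bytes)


def hash_password_sha256(password: str, salt: bytes) -> bytes:
    """The article's scheme: prepend the salt and take one SHA-256.

    Salting stops rainbow tables, but a single fast hash still lets GPUs test
    billions of candidates per second, so this is the weaker option.
    """
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def hash_password_pbkdf2(password: str, salt: bytes, iterations: int) -> bytes:
    """Key-stretched variant: PBKDF2 iterates HMAC-SHA256 to make each guess slow."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def store_password(password: str, stretched: bool = True,
                   iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Return the record to persist: algorithm, parameters, salt and hash (hex)."""
    salt = generate_salt()
    if stretched:
        digest = hash_password_pbkdf2(password, salt, iterations)
        return {"alg": "pbkdf2_sha256", "iterations": iterations,
                "salt": salt.hex(), "hash": digest.hex()}
    digest = hash_password_sha256(password, salt)
    return {"alg": "sha256", "salt": salt.hex(), "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["hash"])
    if record["alg"] == "pbkdf2_sha256":
        candidate = hash_password_pbkdf2(password, salt, record["iterations"])
    elif record["alg"] == "sha256":
        candidate = hash_password_sha256(password, salt)
    else:
        raise ValueError(f"unknown algorithm {record['alg']!r}")
    # compare_digest does not short-circuit on the first differing byte, so the
    # response time does not reveal how close a guess was.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample: two users pick the same password, yet get distinct records.
    alice = store_password("correct horse battery staple")
    bob = store_password("correct horse battery staple")
    print("alice:", alice)
    print("bob:  ", bob)
    print("same hash?", alice["hash"] == bob["hash"])          # False, thanks to the salt
    print("alice login ok?", verify_password("correct horse battery staple", alice))
    print("wrong password?", verify_password("Correct horse battery staple", alice))
```

Storing the algorithm name and iteration count alongside each hash lets the iteration count be raised later (re-hashing on the user's next successful login) without invalidating existing records, and lets legacy single-SHA-256 records be migrated the same way.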