Hashing is mainly used for authentication purposes. Salting is an extra step during hashing that makes password hashing more secure. Without a salt, two clients who have the same password will also have the same password hash. A salt is a random series of characters added as an extra input to the password before hashing, so the two identical passwords produce different hash results. Salting makes it difficult to use lookup tables and rainbow tables to crack a hash. A lookup table is a data structure of precomputed hashes that can process several hash lookups every second.
Implementation of Salting:
The following suggestions are used to implement salting:
- The size of the salt should match the size of the hash function’s output.
- Always hash on the server in a web application.
- The salt should be unique for every user’s password.
A Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) is the best option to produce a salt. It produces a random number that is completely unpredictable, so it is highly secure.
To store a password:
- Use a CSPRNG (Cryptographically Secure Pseudo-Random Number Generator) to produce a salt.
- Add the salt to the start of the password.
- Hash it with SHA-256.
- Save the hash and the salt.
To validate a password:
- Retrieve the salt and hash from the database.
- Add the salt to the given password and hash it.
- Compare the hash of a given password to the one stored in the database.
- The password is incorrect if the hashes do not match.
Key stretching can also be used to secure against attacks. It makes high-end hardware that can compute billions of hashes every second less effective.
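The store and validate steps above, as an added Python example (not code from the original article). The function names, the record layout and the iteration count are assumptions; the `stretch=True` path goes beyond the article's SHA-256 step and uses PBKDF2-HMAC-SHA256 as one way to do key stretching, a choice the article does not name.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 32               # same size as the SHA-256 output (32 bytes)
PBKDF2_ITERATIONS = 600_000   # assumed work factor for the key-stretching path


def _digest(password: str, salt: bytes, stretch: bool) -> bytes:
    pw = password.encode("utf-8")
    if stretch:
        # Key stretching: many iterations make each guess expensive.
        # PBKDF2 is an assumption here, not the article's stated algorithm.
        return hashlib.pbkdf2_hmac("sha256", pw, salt, PBKDF2_ITERATIONS)
    # The article's scheme: salt at the start of the password, then SHA-256.
    return hashlib.sha256(salt + pw).digest()


def store_password(password: str, stretch: bool = False) -> dict:
    """Build the record to save: a fresh per-user salt plus the hash."""
    salt = secrets.token_bytes(SALT_BYTES)   # drawn from the OS CSPRNG
    return {"salt": salt, "stretch": stretch,
            "hash": _digest(password, salt, stretch)}


def validate_password(password: str, record: dict) -> bool:
    """Re-hash the given password with the stored salt and compare."""
    candidate = _digest(password, record["salt"], record["stretch"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample data: two users who chose the same password.
    alice = store_password("correct horse")
    bob = store_password("correct horse")
    print("same hash for both users:", alice["hash"] == bob["hash"])
    print("right password accepted:", validate_password("correct horse", alice))
    print("wrong password accepted:", validate_password("wrong horse", alice))
```
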