Security Encyclopedia


A salt is a piece of random data added to a password before it is hashed and stored.

Salting is used alongside hashing when passwords are stored. The salt is generated automatically and randomly, and because the user is not involved in choosing it, it can be complex, which compounds the complexity of the hashing process. That added difficulty further protects the passwords from being useful should the system be breached. Salting helps a system defend against a pre-computed hash attack, also known as a rainbow table attack or a predictive method of unhashing a password store.
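The effect described above, as an added example that is not part of the original entry: two constructed accounts share a password, and a table of hashes computed in advance resolves both unsalted records but neither salted one. The function names, the sample passwords and the use of a single SHA-256 call are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


def hash_password(password, salt=b""):
    """Hash salt + password. An empty salt models an unsalted store.

    A single SHA-256 keeps this demo about the salt alone; real storage uses a
    slow password hash (PBKDF2, bcrypt, scrypt, Argon2) that takes the salt
    as a parameter.
    """
    return hashlib.sha256(salt + password.encode()).hexdigest()


def new_record(password):
    """Create a stored record: a random 16-byte salt kept next to the digest."""
    salt = secrets.token_bytes(16)
    return salt, hash_password(password, salt)


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, stored = record
    return hmac.compare_digest(hash_password(password, salt), stored)


def table_hits(stored_digests, table):
    """Count stored digests that a pre-computed digest -> password table resolves."""
    return sum(1 for digest in stored_digests if digest in table)


def demo():
    # Constructed sample data: two users who happen to pick the same password.
    users = {"alice": "correct horse", "bob": "correct horse"}
    # Table built once, ahead of time, with no knowledge of any salt.
    table = {hash_password(p): p for p in ("123456", "password", "correct horse")}
    unsalted = {user: hash_password(pw) for user, pw in users.items()}
    salted = {user: new_record(pw) for user, pw in users.items()}
    return {
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "unsalted_hits": table_hits(unsalted.values(), table),
        "salted_identical": salted["alice"][1] == salted["bob"][1],
        "salted_hits": table_hits((digest for _, digest in salted.values()), table),
        "login_ok": verify("correct horse", salted["alice"]),
        "login_bad": verify("wrong guess", salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

The salt is stored in the clear beside each digest; its job is to make every record's hash unique, so work done in advance or against one record cannot be reused against another.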


“Hash attacks on servers where encrypted passwords are stored are mitigated by salting the hashed passwords. The additional number streams affixed to the hash values create increased complexity and difficulty, making these attacks mathematically infeasible — or at least shifting the ROI.”