Why does salting a hashed password increase security?

后端 未结 2 2054
逝去的感伤
逝去的感伤 2021-01-22 03:53

I\'ve been doing some research about securely storing passwords in a database. It is generally suggested that you use a salt. As explained in one of the answers in Secure hash a

2条回答
  •  春和景丽
    2021-01-22 04:04

    consider a scenario, where you accept a password from you user and you are sending it over network or storing in database as plain-text.

    if your user enters a password say 6-8 characters long. A hacker may have pre-generate hashes for all possible strings of 6-8 characters length and he can possibly deduce the password, by comparing it with your hash.(Matching your hash against all the pre-generates hashes, he can get a set of possible candidates,if collision occurs)

    But if you append a salt of say 30 chracters to his plain-text password and then hash it. it becomes very difficult for any hacker to pre-generate all the possible combinations of that range. That is the main reason why we use a salt.

    You cant restrict every user to input a 30 character long password for security purposes. if any user chooses a 4 char length password, just add 30 char salt and make it more secure.

提交回复
热议问题