A hash function is any well-defined procedure or mathematical function that converts a large amount of data into a small datum, usually a single integer. For questions about the Twitter and Facebook # symbol, use hashtag.


Cryptography function that takes random bits and a string (typically a password) and uses a one-way hash to provide a new string that can be used for authentication without providing access to the original string

Data longer string

Quality Example

"Example: the salt field might only allow 64 characters while the generated salt might be longer, therefore when you save the salt it gets trimmed, which ultimately changes the hash password"

from question "Hashing passwords with exact same inputs doesn't output the same value"

Probably faster

"You'll probably need to get data anyway so the unique salt is probably faster too because you won't need to calculate the hash over username"

from question "Hash salt complexity"

Nothing more

"This salt is nothing more than a random arbitrary string that you concatenate to the passwords and it will make your hash password unique"

from question "PHP Login with MD5 Password?"


"You can safely store the salt in the db because working out a string from its hash is just as hard when you know some of the string as it is when you know none of it, provided the password itself is longer than the salt and long enough and strong enough to take a long time to crack by brute force (at least 6 chars with at least one case change and a number or non-alphanumeric, I'd say)"

from question "Castle ActiveRecord / NHibernate - Password Encryption or Hashing"

Much larger

"Likely not as cheap as xor against n values but seems like there's possibility for better quality results at a minimal extra cost, especially if the data being hash is much larger than the salt value"

from question "How many hash functions are required in a minhash algorithm"

Situation credentials hands

Quality Example
Passwords more

"I get the impression that most people think that hashing salt passwords is the more secure way of handling passwords but I can't figure out a way to comply with current company operations when using hash passwords"

from question "Is it ok to store passwords that are able to be retrieved?"


"In this situation storing password hash and the salt is more secure than storing the credentials encrypted or not because an attacker would have no way of getting the password back even if he manages to get his hands on both the hash and the salt"

from question "Storing credentials in an encrypted file"

Harder crypt brute

Quality Example
Harder especially

"Most attacks involve generating hash for common passwords so for reasonably complicated passwords it becomes harder especially with salt some people use usernames as salt others use randomly generated numbers"

from question "SHA Encryption - Are Salts Really Needed?"


"I don't know how safe could it be and how difficult is for the hacker to determinate the technique I use; the thing is that the result has the same length as the hash and is harder to determinate a salt, so if for any reason in the history hacker uses a rainbow table and catches a probable result it will be the wrong"

from question "Cryptography: Make a stronger hash for password"

Not more secure

"So when I see that the salt is stored in the hash password and that you use that hash password as salt, I think crypt + salt is not more secure against a brute force on output hackers who managed to steal hash passwords"

from question "How are Crypt and Salt more secure than MD5 against a brute force attack?"


Quality Example
Field better

"Restructuring of the database to just add a salt field is better option, or the only one really if you're going to do it properly, but you could use your current hash field to store the salt as other person posted"

from question "Passwords hash protection against "Rainbow tables" reverse engineering with password padding"

Sha-512 higher

"Salt sha-512 offers a higher level of security and implementing a scheme where you stretch the hash is even better do some high number of iterations of sha-512 - starting with the password+salt of course"

from question "Whats a decent way to upgrade from SHA1 to SHA256?"

Also more

"Prepending a salt is also more powerful than directly setting the seed values because in addition to changing the internal state of the hash if the salt is not a multiple of the digest block size then it can also perturb the alignment with which the input is fed into the hash function"

from question "How to set MessageDigest seed?"

More protection

"However using a salt offers more protection against rainbow tables (precalculated hash tables) so they're still worth using"

from question "Why salt did not help when using dictionary attack"


"The more randomness and more characters your salt has the better for the hash, but anything that's several characters long and random works"

from question "How strong do salts need to be?"


"The lack of salt is harder to exploit here than with password hash since the hash is not directly known"

from question "Encryption example with password only ... no Salt. Does it work?"

Data comes from Stack Exchange with CC-BY-SA-3.0