What is the purpose of salt in password hashing?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

What is the purpose of salt in password hashing?

Explanation:
Salt introduces randomness to the password hashing process. By mixing a unique random value with each password before hashing, identical passwords yield different hashes, so precomputed dictionaries or rainbow tables become ineffective. An attacker can’t rely on a single table for common passwords because each user’s hash depends on their own salt, which is typically stored alongside the hash in plaintext. This uniqueness prevents reuse of hash values across accounts and forces an attacker to guess against each salted hash separately rather than testing one candidate against every account at once, which makes offline guessing much harder. Remember, salt is not about encryption, and it doesn’t inherently speed up hashing; its benefit comes from thwarting precomputed attacks by ensuring each password hash is unique.