Password salting is the process of adding additional character in the password to one-way function. This function of character makes the password more difficulto to reverse the hash. Major advantage or primary fucntion of password salting is to defeat the dictionary attacks and pre-computed attacks.password salting hash it more complex and even hard to reverse.
Consider the following example, one of the hashed value is of the password without salting, while another hsahed value is of the same password with salting.
Without Salting : 23d42f5f4664498b2c88ff4c20b8c5ac82e47146
With Salting : 87dd36bc045620bd4cbd4c94e9e2bd165c2952dgc873yrD3
By adding a lot of random characters in a password make it more complex and even hard to reverse.
Note: Never tell anyone using your registration forms that their selected password is not unique. A system like that in place will allow hackers to crack passwords in record time!
Mitigating Password Attacks with Salt
To mitigate the damage that a rainbow table or a dictionary attack could do, we salt the passwords. According to OWASP Guideliness, a salt is a fixed-length cryptographically-strong random value that is added to the input of hash functions to create unique hashes for every input, regardless of the input not being unique. A salt makes a hash function look non-deterministic, which is good as we don't want to reveal password duplications through our hashing.
Let’s say that we have password farm1990M0O and the salt f1nd1ngn3m0. We can salt that password by either appending or prepending the salt to it. For example: farm1990M0Of1nd1ngn3m0 or f1nd1ngn3m0farm1990M0O are valid salted passwords. Once the salt is added, we can then hash it. Let's see this in action:
Prepending the Salt
Password: farm1990M0O
Salt: f1nd1ngn3m0
Salted input: f1nd1ngn3m0farm1990M0O
Hash (SHA-256): 7528ed35c6ebf7e4661a02fd98ab88d92ccf4e48a4b27338fcc194b90ae8855c
Appending the Salt
Password: farm1990M0O
Salt: f1nd1ngn3m0
Salted input: farm1990M0Of1nd1ngn3m0
Hash (SHA-256): 07dbb6e6832da0841dd79701200e4b179f1a94a7b3dd26f612817f3c03117434
How To Generate Salting Password
SaltThePass is a password generator that will help you generate unique, secure passwords for all of the websites you visit based on a single Master Password that you remember. click Here :- https://saltthepass.com/
othewise you can also third party software. It comes with simple Instaler that helps you to install it locally on your system for regular usage. It has intuitive setup wizard which guides you through series of steps in completion of installation.
License : Freeware
Platform : Windows XP, 2003, Vista, Windows 7, Windows 8
but you can also use it with " wine " in Linux
ScreenShot
Screenshot 1 : SaltedHashGenerator is generating hashes for various password & salt combinations
Screenshot 2: HTML report of generated hash list.
In Kali Linux
In this article, we tried to share our knowledge about Password Salting which may help you to keep a secure password. Share your thoughts through comment box. I hope you liked this post, then you should not forget to share this post at all.
Thank you so much :-)
