Salt
overview
Summary
Salt is random data added to a password before hashing. A password salt makes identical passwords hash differently. Use a unique-per-hash, high-entropy random salt. Salts stop simple lookup and rainbow table attacks. Store the salt with the hash; it is not secret. Generate salts with a cryptographic RNG. Prefer slow, memory-hard password hash functions such as bcrypt, scrypt, or Argon2. Typical salt sizes are 16 bytes or more.