
Using a salt value

4:09 am on Oct 9, 2012 (gmt 0)

New User, joined: Aug 28, 2012, votes: 0


I've been reading up on using a salt value when creating a password to make it more secure. What I can't get my head round is: how do you remember this salt value?

I'm guessing that when a user logs in, to be able to compare the password entered with the one in the database, you would need to again add the salt value to the entered password.

Am I missing something really obvious?

Thanks in advance
8:39 am on Oct 9, 2012 (gmt 0)


phranque, WebmasterWorld Administrator, joined: Aug 10, 2004, votes: 10

The salt is used to encrypt the password, and then the salt is stored with the encrypted password so future attempts to authenticate will use the same salt to encrypt.
Therefore you can never read the clear-text password in the database, but you can match it if you know it.
11:41 am on Oct 9, 2012 (gmt 0)

swa66, WebmasterWorld Senior Member, joined: Aug 7, 2003, votes: 0

A salt is added to avoid those laying their hands on your hashes being able to see "hey, this one has the same salt as this one, so they have the same password" (likely a case of both using "password" as password). Or of somebody having constructed the hashes of all known words in a dictionary (a so-called rainbow table), and hence being able to reverse all hashes from all weak passwords with a simple lookup.

Salt: make sure it is *random* (cryptographically random) and long. Just store it alongside the hash.

concatenate password and salt (retrieved from database)
hash the above
verify with the stored hash

Upon password change: get a new random salt and hash the concatenation of the new password and the new salt. Store the new hash and the new salt.