Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 18 Dec 2005 20:18:18 +0300
From: Solar Designer <>
Subject: salts (was: question-newbi)

On Thu, Dec 15, 2005 at 03:13:36PM -0500, John Smith wrote:
> Salt is a "random" string that is concatenated with passwords before 
> being operated on by the hash function.

This is a valid, but greatly simplified description.

For those who might be interested in a more complete description, here's
what I wrote in a private e-mail responding to a similar question:

"salts" in general, not necessarily applied to Unix passwords, you may
find explained in good books on cryptography.  For example, I've just
taken my copy of Alfred J. Menezes et al. "Handbook of Applied
Cryptography" (780 pages), opened the Index and it has two references
for "Salt".  The first one is specific to a case that has little to do
with passwords (although the concept of "salting" is still the same),
while the other one is precisely about password hashing (page 390,
"Salting passwords", then, a few pages later, the book covers the
traditional DES-based Unix password hashes).  The book isn't very new
(first published in 1996 I think), so it won't cover modern advances
precisely in this area (other Unix password hashes in use nowadays and
such), but most of the concepts are old enough.

Of course this information may also be found online, in particular in
Terry Ritter's collections of commented and well-organized sci.crypt
and other online postings:

and in particular for "salts":

Update: The Alfred J. Menezes et al. book I was referring to in this
e-mail is now available for download:

Additionally, Owl and other GNU/Linux distributions which have
integrated my crypt_blowfish package include this brief explanation of
what salts are for in the crypt(3) manual page:

       All  of  the  hashing methods use salts such that the same
       key may produce many possible hashes.  Proper use of salts
       may defeat a number of attacks, including:

       1.     The ability to try candidate passwords against mul-
              tiple hashes at the price of one.

       2.     The use of pre-hashed lists of candidate passwords.

       3.     The  ability to determine whether two users (or two
              accounts of one user) have the  same  or  different
              passwords  without  actually having to guess one of
              the passwords.

crypt_blowfish and the manual page (in roff and PostScript formats) is
available here:

> As I recall windows doesn't use salts.

That's correct.

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.