Neo Sahadeo for noted

Salting & Hashing🍳

What is salting 🧂?

Salting is the process of adding data into a value before hashing.

What is hashing #️⃣?

Hashing is the process of converting data into a fixed-length string.

fixed-length: all hashes will have the same length

⚠️ Something important to highlight is that hashing is not encrypting; whether to hash or encrypt depends on the ultimate goal of the obfuscation (organisation regulations are a factor).

Here's an example:

User 1

(~🐧): echo password | sha256sum
6b3a55e0261b0304143f805a24924d0c1c44524821305f31d9277843b8a10f4e

User 2

(~🐧): echo password | sha256sum
6b3a55e0261b0304143f805a24924d0c1c44524821305f31d9277843b8a10f4e

The hashed passwords are identical, and that makes sense: they're the same password passed through the same algorithm. The problem arises when two separate users have the same hashed password and a bad actor gets hold of these hashes, because they can then draw similarities between the accounts.

Hypothetical scenario of compromised data:

User 1 uses the same password for every site (not an uncommon thing). One of the sites gets its user data leaked (also not an uncommon thing), and that leak happens to contain User 1's raw password. Then another site gets leaked that stores User 1's and User 2's passwords hashed (but not salted). It's as easy as running a grep search and comparing hashes.


Adding a random SALT:

User 1

(~🐧): echo 01anv3password | sha256sum
afe1f6368ce0f7400ee266d52908e190e64779f2f91f4824ea8f1e595fe76ae1

User 2

(~🐧): echo aKdu4ppassword | sha256sum
a0c787128946d0319fbbbd41312a37c274d7dee345bfad74fca4c670c1bcfea5

From above, adding a random six-character SALT changes the hash completely.
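The leak scenario and the salted fix above, worked through in Python as an added example that is not part of the original post. The function names, the user names, the 16-byte salt length and the sample data are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def unsalted(password):
    # Bare SHA-256. echo appends a newline, so the post's hex values are
    # digests of "password\n"; this function hashes the string as given.
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password, salt):
    # Salt prepended to the password, the same layout the post uses.
    return hashlib.sha256((salt + password).encode()).hexdigest()

def new_record(password):
    # A fresh random salt per user, stored in the clear beside the hash.
    salt = secrets.token_hex(16)  # 16 random bytes: an assumed length
    return {"salt": salt, "hash": salted(password, salt)}

def verify(record, attempt):
    # Re-hash the attempt with the stored salt; compare in constant time.
    return hmac.compare_digest(record["hash"], salted(attempt, record["salt"]))

def accounts_matching(known_password, hashes_by_user):
    # The comparison from the leak scenario: which stored hashes equal
    # the unsalted hash of a password already exposed elsewhere?
    target = unsalted(known_password)
    return sorted(u for u, h in hashes_by_user.items() if h == target)

# Constructed sample data: two users who picked the same password.
UNSALTED_DB = {u: unsalted("password") for u in ("user1", "user2")}
SALTED_DB = {u: new_record("password") for u in ("user1", "user2")}
SALTED_HASHES = {u: r["hash"] for u, r in SALTED_DB.items()}

if __name__ == "__main__":
    print("unsalted matches:", accounts_matching("password", UNSALTED_DB))
    print("salted matches:  ", accounts_matching("password", SALTED_HASHES))
    print("login still works:", verify(SALTED_DB["user1"], "password"))
```

SHA-256 is kept here to match the post; for real password storage, the body of `salted` would call a deliberately slow function such as `hashlib.scrypt` or `hashlib.pbkdf2_hmac`.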

Conclusion

  • Salting is the process of adding data into a value before hashing it
  • Salts should be random
  • Hashing is converting data into a fixed-length string
  • Hashing is not the same thing as encryption

[🐧N.S]
