Password salting is the practice of adding a unique value to each password before it is hashed, which protects the stored hashes against precomputation attacks such as rainbow tables. An unsalted hash has nothing user-specific in it: two users with the same password end up with the same hash, and anyone holding the database can compare the hashes against each other and against lists of known hashes to see who has used a common password. A rainbow table is a pre-generated lookup structure of hash inputs and outputs that lets an attacker find the input for a given hash almost instantly. Such tables work only because a hash function returns the same output for the same input every time, so the work of hashing a list of common passwords can be done once and reused against every database that stores unsalted hashes of that function.
So how do you make each user's hashed password unique and safer? Simple: add a little salt! In cryptography a salt is a random value generated separately for each user. It is combined with the password before hashing, stored alongside the resulting hash (the salt itself does not need to be secret), and used again at login time to recompute the hash so it can be compared with the stored one.
This is extremely useful because every user now has something unique attached to their password right before it is hashed and written to the database. An attacker who compares the stolen hashes against a list of hashes of common passwords finds no matches at all, even for users who chose a password that is on the attacker's list, and two users who picked the same password no longer share a hash, so the database by itself gives nothing away.
Because the salt changes the output of the hash function entirely, a precomputed table is useless: it would have to be rebuilt for every possible salt value. The attacker is left brute forcing each user's password individually, guess by guess, which eliminates the rainbow table altogether. One caveat: salting does not make a weak password strong. A guess-by-guess attack on a single account still succeeds quickly if the password is common, which is why salting is normally paired with a deliberately slow password hashing function rather than a plain fast hash.
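To make the difference concrete, here is an added example (not code from the original post) that puts the two schemes side by side. It builds a tiny dictionary of hash to plaintext as a stand-in for a rainbow table, applies it to an unsalted database where it cracks every common password and reveals which users share one, then applies the same table to a salted database where every lookup misses. The salt is 16 random bytes per user, stored next to the digest, and PBKDF2-HMAC-SHA256 from the standard library is used as the slow hash; the user names, passwords and wordlist are constructed sample data.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed sample data: a tiny wordlist standing in for the list of common
# passwords an attacker would use to build a rainbow table.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "welcome"]

SALT_BYTES = 16            # 128 bits of randomness per user
PBKDF2_ITERATIONS = 100_000  # illustrative work factor for the demo


def unsalted_hash(password: str) -> str:
    """The weak scheme: plain SHA-256 of the password, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(candidates) -> Dict[str, str]:
    """Precompute hash -> plaintext for a wordlist.

    A real rainbow table is a compressed chain structure, but a plain dict
    shows the same property: each candidate is hashed once and the result is
    reused against every database of unsalted hashes.
    """
    return {unsalted_hash(p): p for p in candidates}


def lookup(stored_hash: str, table: Dict[str, str]) -> Optional[str]:
    """Return the plaintext if the stored hash appears in the table."""
    return table.get(stored_hash)


def crack_db(db: Dict[str, str], table: Dict[str, str]) -> Dict[str, str]:
    """Apply the table to a whole database: user -> recovered password."""
    return {user: table[h] for user, h in db.items() if h in table}


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted scheme: random per-user salt, PBKDF2-HMAC-SHA256 as the KDF.

    The salt is not secret; it is stored next to the digest so that
    verify_password() can recompute the same value at login time.
    Stored format (an assumption for this demo): "<iterations>$<salt hex>$<digest hex>".
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(recomputed, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    # Constructed sample users; alice and bob chose the same weak password.
    users = {"alice": "password", "bob": "password", "carol": "Tr0ub4dor&3"}

    unsalted_db = {u: unsalted_hash(p) for u, p in users.items()}
    print("unsalted, cracked by lookup:", crack_db(unsalted_db, table))
    print("alice and bob share a hash:", unsalted_db["alice"] == unsalted_db["bob"])

    salted_db = {u: hash_password(p) for u, p in users.items()}
    print("salted, cracked by lookup:", crack_db(salted_db, table))
    print("alice and bob share a hash:", salted_db["alice"] == salted_db["bob"])
    print("bob can still log in:", verify_password("password", salted_db["bob"]))
```

Run it twice and the salted records for alice and bob differ on every run, yet `verify_password` still accepts the right password because the salt travels with the digest. The table that cracked two of three unsalted accounts recovers nothing from the salted database, which is exactly the effect described above.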
Put more generally, the remedy is not to hash the password alone but to hash it together with extra per-user data; that is the salting process. One version you will see is to store the hash of the user's email address and password together instead of the hash of the password by itself. An email address is unique per user, but it is also predictable, reused across sites and liable to change, so an attacker targeting a known account can still precompute hashes for it, and the stored hash has to be regenerated whenever the address changes. A random salt generated for each user and stored next to the hash avoids both problems and is the standard approach.
Why is this effective, I hear you ask? Because a precomputed table only covers the inputs it was built for. Once the hashed input is the password plus a salt, the table would have to contain every candidate password combined with every possible salt value, and tables of inputs longer than about 10 characters already become problematic to both generate and store; a random 16-byte salt pushes the required size far beyond anything an attacker can build.
The practical effect is that if your database is exposed, the attacker cannot crack accounts in bulk by lookup. Each account has to be attacked separately, so the cost grows with the number of users, and cross-account matching (spotting who shares a password) is gone. That does not scare attackers off for good, but it turns a cheap wholesale attack into an expensive per-account one and buys time for users to change their passwords.