
A salt can be a random value and length. The hash and the salt are stored in the database.

Is there a separate salt generator function used? Is it just a random generator?

Does it need to be a CSPRNG? It's just being stored in plaintext next to the hash to prevent dictionary attacks. Similarly to nonces, could a salt just be random or pseudorandom?

Are the salt generators combined with the other security functions, like key stretching and hashing, into one overall hash function which outputs the salt and hash?

jreese
  • Salts can come from a variety of sources. What application are you talking about? – schroeder Feb 07 '19 at 16:10
  • @schroeder No application in particular, just learning about salts and I couldn't find much about salt generators. Are they rolled into the hash function? Do you know of an example or some source code I could look at? – jreese Feb 07 '19 at 16:13
  • Where the salt comes from depends on how you are doing the hashing. – schroeder Feb 07 '19 at 16:16
  • The answer to the linked question should walk you through a lot of different options including generating salts. – schroeder Feb 07 '19 at 16:21
  • Thank you. That is exactly what I was wondering about. It depends on the hash function being used. Some perform the salting, while others take the salt as a parameter. You also recommend using a CSPRNG to ensure a high probability of uniqueness among the salts. – jreese Feb 07 '19 at 16:34
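
The case from the thread where the hash function takes the salt as a parameter, as an added example that is not part of the original question or comments. It uses Python's standard library; the record layout, `SALT_BYTES`, `ITERATIONS` and the function names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import secrets

SALT_BYTES = 16        # assumed salt length for this example
ITERATIONS = 200_000   # assumed work factor for this example


def hash_password(password: str) -> str:
    """Return a storable record: algorithm$iterations$salt$hash."""
    # The salt is not secret, but it comes from the OS CSPRNG so that
    # every record gets its own unpredictable, effectively unique value.
    salt = secrets.token_bytes(SALT_BYTES)
    # PBKDF2 does not generate a salt itself; it takes it as a parameter.
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$".join([
        "pbkdf2_sha256",
        str(ITERATIONS),
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    ])


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = record.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations)
        )
    except ValueError:
        return False  # malformed record
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample
    print(record)
    print(verify_password("correct horse battery staple", record))
```

Hashing the same password twice yields two different records, because each call draws a fresh salt; the salt stored in the record is all the verifier needs to recompute the hash.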

0 Answers