Salted hashes demystified

by Andres Andreu
Oct. 2, 2017 1 comment Infosecwriters Encryption & Authentication

This primer will provide a basic level explanation of how seeded (or salted) hashes of clear text data are structured / created. The original formalization of this concept comes from RFC-31121. This document is written so that an understanding of this type of functionality becomes possible to anyone with a good computer science foundation. For the purposes of this exploratory journey we will use the Secure Hash Algorithm (SHA-1) hashing algorithm (NIST FIPS 180-22, RFC-31743). The salting concepts apply to any one-way hashing algorithm including the MD-5 algorithm (RFC-13214).

Irina Alexandra Negrii 8 months, 1 week ago

The only sure way to mitigate against this eventuality is to ensure that all data is well protected by implementing well documented and industry accepted security best practices. One of such practices, and the subject of this blog, is "hashing and salting" of passwords in a database