Hashing & Salting

Hashing is the process of converting data (like a password) into a fixed-size string of characters. It is a one-way function, meaning you cannot convert the hash back into the original password.

Crypto Lab

Interactive: Enter a password to see its hash. Try the "Simulate Hack" button. Then, add a "Salt" and try hacking it again to see why salts are crucial.

Why Salt?

  • Rainbow Tables: Hackers use pre-computed tables of billions of common passwords and their hashes. If you use a simple hash (e.g., MD5 of "password123"), they can look it up instantly.
  • Uniqueness: A "Salt" is random data added to the password *before* hashing. Even if two users have the same password ("password123"), their salts will be different, so their hashes will be different.
  • Defense: Salting forces an attacker to crack each password individually, rather than using a pre-made table for all of them at once.

Best Practices

  • Slow Hashing Algorithms: Use algorithms designed to be slow (e.g., Argon2, Bcrypt, PBKDF2). This makes brute-force attacks computationally expensive.
  • Unique Salts: Generate a new, random salt for every single user. Never reuse salts.
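The following Python example (added here; it is not part of the original lab) ties the "Why Salt?" and "Best Practices" sections together: a constructed lookup table stands in for a rainbow table and reverses an unsalted MD5 instantly, a salted MD5 of the same password misses the table, and a PBKDF2 storage format with a fresh random salt per user plus a constant-time comparison shows the recommended approach. The iteration count and the `pbkdf2_sha256$...` record layout are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a rainbow table: a few common passwords
# mapped from their unsalted MD5 digests back to the plaintext.
RAINBOW_TABLE = {
    hashlib.md5(pw.encode()).hexdigest(): pw
    for pw in ("password", "123456", "password123", "letmein")
}

def unsalted_md5(password: str) -> str:
    """What a naive system would store: MD5 of the bare password."""
    return hashlib.md5(password.encode()).hexdigest()

def rainbow_lookup(md5_hex: str):
    """Simulated table hit: returns the password, or None on a miss."""
    return RAINBOW_TABLE.get(md5_hex)

def salted_md5(password: str, salt: bytes) -> str:
    """Same password + different salt -> different digest, so the table misses."""
    return hashlib.md5(salt + password.encode()).hexdigest()

PBKDF2_ITERATIONS = 600_000  # assumed value; tune to your latency budget

def hash_password(password: str, salt: bytes = None) -> str:
    """Return 'pbkdf2_sha256$iters$salt_hex$digest_hex' using a fresh 16-byte salt.

    A new random salt is drawn for every call, so two users with the same
    password get different records (the 'Unique Salts' rule)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

if __name__ == "__main__":
    print("unsalted lookup:", rainbow_lookup(unsalted_md5("password123")))
    print("salted lookup:  ", rainbow_lookup(salted_md5("password123", os.urandom(8))))
    record = hash_password("password123")
    print(record)
    print("verify correct:", verify_password("password123", record))
```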