Is there a significance to the word "salt" for a password salt?
+15
A:
The only meaning is that you are adding something to your password before you hash it, similarly to adding salt to your meal :-)
Leopold Cimrman
2008-10-28 21:21:33
This is what I've guessed, but never found anything authoritative to back it up. Can you cite any sources for this?
erickson
2008-10-28 22:43:50
I don't have any source at hand now. That was only my perception from the texts I have read about that some time ago.
Leopold Cimrman
2008-10-29 10:08:20
+1
A:
Because before you hash the password, you add a random text to it. So, it looks like as if you add some "salt" to the original "food" ... password :)
mnour
2008-10-28 21:21:42
+19
A:
http://www.derkeiler.com/Newsgroups/comp.security.misc/2003-05/0154.html
The use of the word "salt" is probably a reference to warfare in ancient times, when people would salt the wells or farmland to make it less hospitable. The Romans are sometimes supposed to have done this to Carthage in 146 BC. In the context of passwords, a "salted" password is harder to crack.
Apparently, there's no strong evidence even for the original "salting" of Carthage (http://en.wikipedia.org/wiki/Salting_the_earth) claim, but an interesting hypothesis nonetheless.
micahwittman
2008-10-28 21:25:16
+1 for the link, although I seriously doubt it's correct (not the history, just the relationship with cryptography)
Jon B
2008-10-28 21:29:18
Though whether or not the history is correct really has nothing to do with the etymology of the technical term. I have no idea who invented the term "salt" or what they were thinking when they did, but it is certainly possible that they were thinking of an historical allusion that turned out to be inaccurate. Like, if someone says "The author called this program George because, like George Washington, it never tells a lie,", the fact that you can prove that George Washington did tell a lie at some point hardly proves that that was not the source of the name of the product.
Jay
2009-10-19 13:45:10
+1
A:
I would guess because it's easy to add "salt" (NaCl or a fixed string). But once you do, the output is irrevocably changed (food, encrypted password).
jwmiller5
2008-10-28 21:35:02
if you put a potato, it's going to remove the salt. `http://wiki.answers.com/Q/How_do_you_remove_salt_from_food_when_you're_cooking`
Stefano Borini
2010-03-24 03:36:21
+9
A:
According to Ken Thompson, one of the first people to use the term in a book, it's related to the term "salting a mine", referring to gold mines. Whether that is "correct" or not who knows? I doubt there's an actual correct answer to this, it's just one of those terms that doesn't really have to have a reason as long as what it means is understood.
Gerald
2008-10-28 21:35:54
It means to artificially lace a mine with gold to make it appear to be a gold mine. Not sure that relates directly to the purpose of a salt in cryptography, but not much else does either.
Gerald
2008-10-28 22:10:10
Well, there surely is a correct answer. I mean, someone must have been the first to use the term, and he must have had some reason for thinking it was appropriate. That said, I have no idea who invented it or what he was thinking. It might have been something very clear and insightful, or it may have just been that he was eating lunch when he came up with the idea and, groping for what to call it, noticed the salt shaker on the table in front of him. (There have been less significant origins of technical terms than that. Cf "googol" and "quark".)
Jay
2009-10-19 13:48:29
A:
Unsalted passwords are too plain. Being simple text, an unsalted password is typically shorter than the side of the hash, thus ensuring that only a subset of hash outputs are possible. This means that hashes of passwords are suceptible to dictionary attacks and/or other cryptographic analysis based on the reduced keyspace.
salting the password with random, or even fixed data, removes or mitigates these attack vectors.
Chris Becke
2008-10-28 21:39:18
Not exactly - the length of the passwords does not matter - what matters is that they are different from each other.
Dominik Weber
2010-08-25 19:28:26
+3
A:
I had thought it related to the verb salt ...
(salt away) informal put by (money) secretly.
Remou
2008-10-28 22:33:21