tags:

views:

3039

answers:

9

Is there a significance to the word "salt" for a password salt?

+15  A: 

The only meaning is that you are adding something to your password before you hash it, similarly to adding salt to your meal :-)

Leopold Cimrman
This is what I've guessed, but never found anything authoritative to back it up. Can you cite any sources for this?
erickson
I don't have any source at hand now. That was only my perception from the texts I have read about that some time ago.
Leopold Cimrman
+1  A: 

Because before you hash the password, you add a random text to it. So, it looks like as if you add some "salt" to the original "food" ... password :)

mnour
+19  A: 

http://www.derkeiler.com/Newsgroups/comp.security.misc/2003-05/0154.html

The use of the word "salt" is probably a reference to warfare in ancient times, when people would salt the wells or farmland to make it less hospitable. The Romans are sometimes supposed to have done this to Carthage in 146 BC. In the context of passwords, a "salted" password is harder to crack.

Apparently, there's no strong evidence even for the original "salting" of Carthage (http://en.wikipedia.org/wiki/Salting_the_earth) claim, but an interesting hypothesis nonetheless.

micahwittman
+1 for the link, although I seriously doubt it's correct (not the history, just the relationship with cryptography)
Jon B
Though whether or not the history is correct really has nothing to do with the etymology of the technical term. I have no idea who invented the term "salt" or what they were thinking when they did, but it is certainly possible that they were thinking of an historical allusion that turned out to be inaccurate. Like, if someone says "The author called this program George because, like George Washington, it never tells a lie,", the fact that you can prove that George Washington did tell a lie at some point hardly proves that that was not the source of the name of the product.
Jay
+14  A: 

Maybe because salt goes well with hash?

Jim Buck
+1  A: 

I would guess because it's easy to add "salt" (NaCl or a fixed string). But once you do, the output is irrevocably changed (food, encrypted password).

jwmiller5
if you put a potato, it's going to remove the salt. `http://wiki.answers.com/Q/How_do_you_remove_salt_from_food_when_you're_cooking`
Stefano Borini
+9  A: 

According to Ken Thompson, one of the first people to use the term in a book, it's related to the term "salting a mine", referring to gold mines. Whether that is "correct" or not who knows? I doubt there's an actual correct answer to this, it's just one of those terms that doesn't really have to have a reason as long as what it means is understood.

Gerald
Interesting. Can you elaborate? What does it mean to "salt a mine"?
erickson
It means to artificially lace a mine with gold to make it appear to be a gold mine. Not sure that relates directly to the purpose of a salt in cryptography, but not much else does either.
Gerald
Well, there surely is a correct answer. I mean, someone must have been the first to use the term, and he must have had some reason for thinking it was appropriate. That said, I have no idea who invented it or what he was thinking. It might have been something very clear and insightful, or it may have just been that he was eating lunch when he came up with the idea and, groping for what to call it, noticed the salt shaker on the table in front of him. (There have been less significant origins of technical terms than that. Cf "googol" and "quark".)
Jay
A: 

Unsalted passwords are too plain. Being simple text, an unsalted password is typically shorter than the side of the hash, thus ensuring that only a subset of hash outputs are possible. This means that hashes of passwords are suceptible to dictionary attacks and/or other cryptographic analysis based on the reduced keyspace.

salting the password with random, or even fixed data, removes or mitigates these attack vectors.

Chris Becke
True, but wasn't the question.
Ant
Not exactly - the length of the passwords does not matter - what matters is that they are different from each other.
Dominik Weber
A: 

Once you add salt to food the real taste is no longer visible. So basically this is a figurative saying; add a little salt and it changes the original dish.

+3  A: 

I had thought it related to the verb salt ...

(salt away) informal put by (money) secretly.

-- http://www.askoxford.com/concise_oed/saltx?view=uk

Remou