Storing Passwords Using Salted Hashes

Get introduced to the fundamentals of good password storage, using salts.

We'll cover the following


Since an attacker can download a table mapping hashes back to regular words, what if you just add a little extra text to every password? So, to store hashes of 'MyCoolSite'+password, an attacker needs a unique mapping table just for MyCoolSite. Better still, if every password has a unique bit of text, an attacker needs a new table for every password. That bit of text is called a salt.

Another benefit of salts is that hashes will be unique even when the passwords aren’t. Consequently, when an attacker cracks one password, other accounts with the same password are still safe.

Here’s an example:

Get hands-on with 1200+ tech skills courses.