Reputation: 495
How "dynamic salt" hashing works?
Well, I don't know what it is really called so I call it dynamic salt hashing. Recently, I have encountered a hashing algorithm which uses dynamic salt(generated randomly). As a result, same string produces different hash values. I wonder how it is works as well as how it is verified. The verify function takes only 2 parameters: the string and the hash value. I want to know how it works.
Edit:
I have seen a similar (but not duplicate) question to mine: https://crypto.stackexchange.com/questions/1770/salts-how-does-the-script-know-what-the-salt-is
Both my question and that one, is not yet answered.
Upvotes: 5
Views: 4186
Answers (1)
Reputation: 6977
The main reason for dynamic salt is to prevent "Rainbow table" attack.
Therefore, you will have to store the salt somewhere (e.g. in the table). Then, each time you want to verify password you will have to get this specific salt.
The term "dynamic salt" is not that it is changing every time you verify it. It only means that it is dynamic for each record.
This paper has everything you need to know.
Upvotes: 3
Related Questions
- Am I misunderstanding what a hash salt is?
- Hashing and Salting confusion
- Can you help me to understand salt hashing function?
- Does hashing the salt add any security?
- Why string hashed with its hash as salt returns the hash?
- How does PHP's password_hash generate the salt?
- Hashing, adding more salt
- Salting Passwords
- Using a hash of data as a salt
- What is the purpose of the "salt" when hashing?