Ramin-RX7

Reputation: 139

Salt in cryptography

I was reading about salts in hashing and cryptography, and I saw this in other answers on Stack Overflow about salting:

Salting is adding data to the password (or anything we want to encrypt) to make it harder for people who want to crack it with brute force and rainbow tables.

For example, my password is PASSWORD and my salt is SALT, so the program converts it to PASSWORDSALT and then hashes it.

But it did not work when I used scrypt and blake (I have not tried other encryption types with salt).

Python code:

>>> from hashlib import blake2b
>>> blake2b(b'PASSWORD', salt=b'SALT').hexdigest()
52d9cb2e8690fcc5d34ef948e09c51aae66ff1d8e099bb72e2db333d6aa90b12c1745872b72004d6a64210cbb9be11307817f156863073d85cad0f2d643a4416
>>> blake2b(b'PASSWORDSALT').hexdigest()
aa2fd2094ec83915eef264d4f24870f3d2ebb676449bc824161cf53aa62142dd64e5a80214a0638195eb1d3c2474727711c4e2149d10afc5767c0c25f5625a54

So why are they not equal?

Upvotes: 1

Views: 460

Answers (1)

Maarten Bodewes

Reputation: 94058

The password and salt are just inputs to a password hash function. Password hash functions are allowed to have more than one input. This is different from a secure hash such as SHA-256 that simply takes a single input to hash: the message.

If you look at the Blake specification you will see in section 2.8 that the salt is put in a parameter block, and that it is not used as separate input for each iteration.

Upvotes: 2
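
Added example (not part of the original answer, and not code from the BLAKE2 authors): a minimal unkeyed BLAKE2b written from RFC 7693, showing where the salt actually goes. The salt is zero-padded to 16 bytes, placed in the 64-byte parameter block, and XORed into the initial state; the message bytes are untouched, which is why salt=b'SALT' and hashing b'PASSWORDSALT' give different digests. The names blake2b_pure, param_block and agrees_with_hashlib are chosen here for illustration.

```python
import hashlib
import struct
MASK = (1 << 64) - 1
IV = [0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
      0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179]
SIGMA = [[int(c, 16) for c in row] for row in (
    "0123456789abcdef ea489fd61c02b753 b8c052fdae367194 7931dcbe265a40f8 "
    "905724afe1bc683d 2c6a0b834d75fe19 c51fed4a0763928b db7ec13950f4862a "
    "6fe9b308c2d714a5 a2847615fb9e3cd0").split()]
MIX = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
       (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]

def rotr(x, n):
    return ((x >> n) | (x << (64 - n))) & MASK

def compress(h, block, t, final):
    m = struct.unpack("<16Q", block)
    v = h + IV
    v[12] ^= t & MASK                      # byte counter, low word
    v[13] ^= t >> 64                       # byte counter, high word
    if final:
        v[14] ^= MASK                      # last-block flag
    for s in SIGMA + SIGMA[:2]:            # 12 rounds; schedule repeats after 10
        for i, (a, b, c, d) in enumerate(MIX):
            for w, r1, r2 in ((m[s[2 * i]], 32, 24), (m[s[2 * i + 1]], 16, 63)):
                v[a] = (v[a] + v[b] + w) & MASK
                v[d] = rotr(v[d] ^ v[a], r1)
                v[c] = (v[c] + v[d]) & MASK
                v[b] = rotr(v[b] ^ v[c], r2)
    return [h[i] ^ v[i] ^ v[i + 8] for i in range(8)]

def param_block(salt=b"", digest_size=64):
    # Unkeyed sequential mode: digest length, key length 0, fanout 1, depth 1,
    # 28 zero bytes (tree fields + reserved), 16-byte salt, 16-byte personalization.
    if len(salt) > 16:
        raise ValueError("BLAKE2b salt is at most 16 bytes")
    return bytes([digest_size, 0, 1, 1]) + bytes(28) + salt.ljust(16, b"\0") + bytes(16)

def blake2b_pure(data, salt=b"", digest_size=64):
    # The salt never touches the message: it is XORed into the initial state.
    h = [iv ^ p for iv, p in zip(IV, struct.unpack("<8Q", param_block(salt, digest_size)))]
    last = max(0, (len(data) - 1) // 128) * 128   # offset of the final block
    for off in range(0, last, 128):
        h = compress(h, data[off:off + 128], off + 128, False)
    h = compress(h, data[last:].ljust(128, b"\0"), len(data), True)
    return struct.pack("<8Q", *h)[:digest_size]

def agrees_with_hashlib(data, salt):
    return blake2b_pure(data, salt) == hashlib.blake2b(data, salt=salt).digest()
```

agrees_with_hashlib(b'PASSWORD', b'SALT') returns True, while blake2b_pure(b'PASSWORD', b'SALT') and blake2b_pure(b'PASSWORDSALT') differ.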
