The Critical Importance of a Salt
Defeating Rainbow Tables
If you hash the word 'password' through SHA-256, it always produces the same output. Attackers pre-compute trillions of these hashes in 'Rainbow Tables' to instantly look up stolen password hashes.
A 'salt' is a uniquely generated string of random data added to your password before it is hashed. Because the salt is unique to your account, attackers cannot use pre-computed tables and must attempt to crack your hash entirely from scratch.
Technical Execution
A salt fundamentally changes the final output of a hash. If two users happen to choose the exact same password, they will still have completely different hashes, because each user's randomly generated salt is prepended to the password before hashing.
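The behaviour described above, as an added Python illustration (not giovium's code): identical passwords collide under plain SHA-256 and match a precomputed table, while H(s ∥ p) with a fresh 128-bit salt per user does neither. The user names, word list and function names are constructed for this example.

```python
import hashlib
import hmac
import secrets

def unsalted_hash(password: str) -> str:
    # Plain H(p): the same password always gives the same digest.
    return hashlib.sha256(password.encode()).hexdigest()

def new_salted_record(password: str) -> tuple[bytes, str]:
    # H(s || p) with a fresh random 128-bit salt; the salt is stored with the digest.
    salt = secrets.token_bytes(16)
    return salt, hashlib.sha256(salt + password.encode()).hexdigest()

def verify(password: str, salt: bytes, digest: str) -> bool:
    # Recompute with the stored salt and compare in constant time.
    candidate = hashlib.sha256(salt + password.encode()).hexdigest()
    return hmac.compare_digest(candidate, digest)

def build_lookup_table(wordlist):
    # Precomputed H(p) -> p map, standing in for a rainbow table.
    return {unsalted_hash(p): p for p in wordlist}

def table_hits(table, digests):
    # Number of stored digests that the precomputed table resolves.
    return sum(1 for d in digests if d in table)

def demo():
    # Constructed sample accounts; two users share a password.
    users = {"alice": "password", "bob": "password", "carol": "letmein"}
    table = build_lookup_table(["password", "letmein", "123456"])
    unsalted = {u: unsalted_hash(p) for u, p in users.items()}
    salted = {u: new_salted_record(p) for u, p in users.items()}
    return {
        "unsalted_duplicates": unsalted["alice"] == unsalted["bob"],
        "salted_duplicates": salted["alice"][1] == salted["bob"][1],
        "unsalted_hits": table_hits(table, unsalted.values()),
        "salted_hits": table_hits(table, [d for _, d in salted.values()]),
        "login_ok": verify("password", *salted["alice"]),
        "wrong_login": verify("letmein", *salted["alice"]),
    }

if __name__ == "__main__":
    print(demo())
```

A salt only removes the benefit of precomputation; production password storage also uses a deliberately slow function such as scrypt or Argon2 rather than a single SHA-256 pass.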
Everyday Example
Imagine a master chef copying a famous soup recipe (the password). Rival chefs (attackers) already memorized thousands of standard recipes in a book (a Rainbow Table). But if the master chef randomly tosses a handful of completely unlabeled exotic spices (the salt) into the pot before boiling it, the rivals' books are entirely useless.
The Deep Mathematics
A salt fundamentally shifts the hashing domain. If H(x) defines the hash function, attackers pre-compute H(p1) through H(pn). If a 128-bit salt 's' is prepended to yield H(s ∥ p), the attacker must compute a unique rainbow table of size 2^128 specifically for that one user, rendering time-memory tradeoff attacks practically impossible.
Discover how giovium protects your data
giovium leverages these very cryptographic principles to keep your passwords, files, and secrets completely safe. Try it for free on any platform.