Difference Between Hashing and Salting

When learning good practices for storing sensitive information in a database, the question arises: how can I store my passwords securely?
To answer it, computer security and many related areas (web development, big data, machine learning, etc.) talk about hashing and salting.

Hashing

In many countries, saving user passwords in plain text (exactly as the user types them) is even considered a violation of computer security laws. To avoid this bad practice, in most cases we use a cryptographic algorithm that converts the entered password into a combination of letters, numbers and special characters that is not understandable to the human eye.

Example

  • User: admin
  • Password: admin1234 (a bad practice: putting your username in your password)
  • After hashing, something like this would remain: $2a$12$LtZ9b2NeQga0BAdi8ntTn.9fcAfAP0y1sbYEPN/Naikw5424gtYAG

Salting

Sometimes it is necessary to add another layer of security, such as a private key (as when we talk about SSH). This is where salting comes into play: before the hash of our password is generated, we add a set of letters, numbers and symbols (the longer the better), so that if someone malicious gains access to our database despite the hashing, the hashes will not match without the correct salt.
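
An added example (not from the original page) of salting in practice: Python's standard-library PBKDF2-HMAC-SHA256 stands in for the bcrypt algorithm behind the hash shown above, and each password gets a fresh random salt that is kept alongside its digest. The function names and the iteration count are assumptions of this example; `parse_bcrypt` splits the page's sample hash to show that a bcrypt string already embeds its cost and salt.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def unsalted_sha256(password: str) -> str:
    """Weak baseline: identical passwords always give identical digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random 16-byte salt is drawn per password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def parse_bcrypt(encoded: str) -> dict:
    """Split a bcrypt string into version, cost, 22-char salt and 31-char hash."""
    _, version, cost, rest = encoded.split("$")
    if len(rest) != 53:
        raise ValueError("expected 22-character salt followed by 31-character hash")
    return {"version": version, "cost": int(cost), "salt": rest[:22], "hash": rest[22:]}


if __name__ == "__main__":
    # Two users choosing the same password (the page's example value).
    print(unsalted_sha256("admin1234") == unsalted_sha256("admin1234"))  # duplicates visible
    salt_a, digest_a = hash_password("admin1234")
    salt_b, digest_b = hash_password("admin1234")
    print(digest_a != digest_b)  # per-user salts hide the duplicate
    print(verify_password("admin1234", salt_a, digest_a))
    # The bcrypt string shown on the page already carries its own salt.
    print(parse_bcrypt("$2a$12$LtZ9b2NeQga0BAdi8ntTn.9fcAfAP0y1sbYEPN/Naikw5424gtYAG"))
```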

