A salt is a random string added to a password before hashing, ensuring unique hashes and defending against rainbow table and brute-force attacks.

In cybersecurity, a salt is a unique, randomly generated string of data that is appended to a password or other sensitive input before it is processed through a cryptographic hashing algorithm. When a user creates an account, a distinct salt is generated and combined with their password. The resulting concatenation is then hashed, and both the hash output and the salt are stored in the database—while the original password is never retained. This ensures that even if two users choose identical passwords, the stored hashes will be entirely different.

A salt serves as a critical defense against common attack techniques. It renders rainbow table attacks ineffective, since a precomputed hash table would have to be built separately for every possible random salt value, which is infeasible. It also significantly increases the difficulty of brute-force attacks, as each salted hash must be cracked individually rather than in bulk. By guaranteeing unique hashes for every stored credential, salting strengthens user authentication systems and protects sensitive data from widespread compromise in the event of a database breach.
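The following is an added example, not code from the original page: it implements the store-and-verify flow described above in Python, using a per-user random salt from `secrets` and PBKDF2-HMAC-SHA256 from `hashlib` as the hashing step (the choice of PBKDF2, the 16-byte salt length and the 200,000-iteration work factor are assumptions for this example). It also shows why a precomputed table of unsalted hashes yields nothing against salted records, and that two users with the same password end up with different stored hashes.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, List, Optional

# Parameters are assumptions for this example, not values from the page.
SALT_BYTES = 16            # 128 bits of randomness per user
PBKDF2_ITERATIONS = 200_000  # work factor; tune for your hardware


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Create the record that would be stored for a new account.

    A fresh random salt is generated unless one is supplied (supplying
    one is only useful for tests). The plaintext password is never kept;
    only the salt, the derived hash and the work factor are stored.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": iterations}


def verify_password(password: str, record: dict) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, record["iterations"])
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def identical_passwords_differ(password: str) -> bool:
    """Two accounts with the same password get different salts and hashes."""
    a = hash_password(password)
    b = hash_password(password)
    return a["salt"] != b["salt"] and a["hash"] != b["hash"]


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 with no salt: the scheme a precomputed table targets."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def unsalted_lookup_table(candidates: Iterable[str]) -> dict:
    """Simulate a precomputed (rainbow-style) table: hash -> password."""
    return {unsalted_hash(p): p for p in candidates}


def count_table_hits(records: List[dict], table: dict) -> int:
    """How many stored hashes a precomputed unsalted table can resolve."""
    return sum(1 for r in records if r["hash"] in table)


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    users = {"alice": "correct horse battery staple",
             "bob": "correct horse battery staple"}
    db = {name: hash_password(pw) for name, pw in users.items()}
    print("alice and bob share a password; stored hashes differ:",
          db["alice"]["hash"] != db["bob"]["hash"])
    print("login with right password:", verify_password(users["alice"], db["alice"]))
    print("login with wrong password:", verify_password("wrong", db["alice"]))

    # A precomputed table of unsalted hashes matches none of the salted records.
    table = unsalted_lookup_table(["password", "correct horse battery staple"])
    print("rainbow-table hits against salted store:",
          count_table_hits(list(db.values()), table))
```

Note that the salt is stored in the clear next to the hash; it is not a secret, and its job is only to make every stored hash unique so that precomputation and bulk cracking do not pay off. Work factor (iterations) is what slows down per-hash guessing.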