identical hash values, which could make it easier for a hacker to guess the passwords from their hash value.

Instead, a salt is generated and appended to each password, which causes the resultant hash to output different values for the same original password.

The salt and hash are then stored in the database. To later test if a password a user enters is correct, the same process can be performed on it (appending that user's salt to the password and calculating the resultant hash): if the result does not match the stored hash,

1.Previous
3.Next