Introduction to Hashing and Salting
✅ 1. What is Hashing?
Definition:
Hashing is the process of converting data (like a password) into a fixed-length, unreadable
string using a mathematical function.
One-Way Operation:
Once a password is hashed, you cannot reverse it to get the original password.
Example:
```plaintext
Password: password123
Hashed: 482c811da5d5b4bc6d497ffa98491e38 (MD5 hash)
```
Even if someone sees the hash, they can’t know the real password (in theory).
Use Case: Why Use Hashing?
• Storing passwords securely
• Verifying data integrity (e.g., downloaded files)
• Digital signatures & blockchain
❗ Problem: What if Two Users Have the Same Password?
Without salting:
```plaintext
User A: password123 → hash: abc123
User B: password123 → hash: abc123
```
Because the same password always produces the same hash, an attacker who obtains the hashes can look them up in a rainbow table (a precomputed list of hashes of common passwords) and recover the password without guessing.
✅ 2. What is Salting?
Definition:
Salting is the process of adding a random string (salt) to a password before hashing it, to
make every hash unique.
Example (with salt):
```plaintext
Password: password123
Salt: abXY89$
Combined: password123abXY89$
Hash: 5e8f...abc (now unique)
```
Now even if two users have the same password, their final hashes will be different, because each user gets a different salt.
Without vs With Salt

| User | Password    | Salt  | Hash (bcrypt) |
|------|-------------|-------|---------------|
| A    | password123 | ab123 | h1A...        |
| B    | password123 | xy789 | s9Z...        |
✅ This protects against dictionary and rainbow table attacks: a precomputed table would have to be built for every possible salt, and each user's hash has to be attacked separately.
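An added example (not part of the original notes) that puts both sections side by side in Python: the unsalted MD5 hash from section 1, which a precomputed table can look up directly, and a salted, iterated hash from section 2 that differs per user even when the password is identical. It uses the standard library's PBKDF2-HMAC-SHA256 in place of bcrypt, since bcrypt needs a third-party package; the toy `COMMON_PASSWORDS` table, the 600,000 iteration count and the `pbkdf2_sha256$...$...$...` storage format are assumptions of this example, not something the page specifies.

```python
import hashlib
import hmac
import os
from typing import Optional


def unsalted_hash(password: str) -> str:
    """Plain MD5 of the password, as in the first example above.
    The same input always gives the same output, so two users with the
    same password end up with identical hashes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Constructed toy "rainbow table": precomputed unsalted hashes of a few
# common passwords, keyed by hash so a leaked hash can be looked up directly.
COMMON_PASSWORDS = ["123456", "password", "password123", "qwerty"]
PRECOMPUTED = {unsalted_hash(p): p for p in COMMON_PASSWORDS}


def lookup_unsalted(hash_hex: str) -> Optional[str]:
    """Return the password behind an unsalted MD5 hash if it is in the table."""
    return PRECOMPUTED.get(hash_hex)


# Assumption of this example: work factor for PBKDF2-HMAC-SHA256.
DEFAULT_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = DEFAULT_ITERATIONS) -> str:
    """Salt and hash a password. A fresh 16-byte random salt is drawn per
    call, so hashing the same password twice yields two different records.
    Returns 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' (a format
    assumed here) so the salt and parameters are stored with the digest."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time.
    Malformed or foreign records are rejected rather than raising."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iters)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    leaked = unsalted_hash("password123")
    print("unsalted MD5:", leaked, "->", lookup_unsalted(leaked))
    rec_a = hash_password("password123")
    rec_b = hash_password("password123")
    print("user A:", rec_a)
    print("user B:", rec_b)
    print("same password, different records:", rec_a != rec_b)
    print("verify A:", verify_password("password123", rec_a))
    print("wrong password:", verify_password("password124", rec_a))
```

Running the script shows the unsalted MD5 from the page resolving straight to `password123` through the toy table, while the two salted records for the same password differ and each still verifies only against the correct password.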
Key Terms

| Term             | Meaning                                                                 |
|------------------|-------------------------------------------------------------------------|
| Hash             | Fixed-length output produced from the password                          |
| Salt             | Random value added to the password before hashing                       |
| Hashing function | The algorithm used (e.g., SHA-256, bcrypt)                              |
| bcrypt           | A password-hashing algorithm (and the libraries implementing it) with built-in salting |