Salting generally just appends a string to your password prior to it being ran through the
hashing algorithm.
Salting makes it so
rainbow tables are no longer effective.
Using Salt: %3jU
MD5 Hashes with salted passwords| Password | Hash |
|---|
| secret | 93a3008431bb4841ea304d8538d128e9 |
| secret! | 9f298d158d592cec27fd21621152a14b |
| trustno1 | 7809ad58835f214b14691c29623d9a12 |
However, not even 830 Billion is enough for this rainbow table to find any of these common passwords now.
The salt-string should never exist in a database, but only in the code itself. This way if the database is compromised it means the salted hashes are largely useless without the salt-string.
Reference: The
rainbow table I am using above is
Hashkiller.co.uk: which boasts of over 830 BILLION unique decrypted MD5 hashes since 2007.
