butterfly/kb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
644f96075b
kb/data/developer.mozilla.org/en-US/docs/Glossary/Salt-1.md

32 KiB
Raw Blame History

title chunk source category tags date_saved instance
Salt - Glossary | MDN 2/3 https://developer.mozilla.org/en-US/docs/Glossary/Salt reference web, html, css, javascript, documentation 2026-05-05T05:44:26.461569+00:00 kb-cron

Salt

In cryptography, salt is random data added to a password before it is hashed. This makes it impossible for an attacker to derive passwords from their hashes using precomputed tables of passwords and the corresponding hashes. Passwords should never be stored in their plaintext form, because of the risk that an attacker might break into the database where they are stored. Typically, the password is hashed, and the resulting hash is stored. If the hash function is cryptographically secure, then even if an attacker can get access to the stored hashes, it is impractical for them to reverse the function. To derive a password from a hash, attackers can look up the password corresponding to a hash in a precomputed table (also known as a rainbow table) mapping possible passwords to their hashes:

Password Hash
pa55w0rd 56965E2A...
abcdef BEF57EC7...
letmein 1C8BFE8F...
Although these tables may be very large, such attacks can be effective because table lookup is a fast operation. Adding random salt to passwords before hashing them stops this attack from working because the hash is not calculated based on the password alone but on the password combined with the salt. Unlike the password, the salt does not need to be kept secret: it can be stored alongside the salted and hashed password in the server's database. ## Help improve MDN
Learn how to contribute
This page was last modified on Jul 11, 2025 by MDN contributors. View this page on GitHubReport a problem with this content
  1. Glossary
    1. Abstraction 2. Accent 3. Accessibility 4. Accessibility tree 5. Accessible description 6. Accessible name 7. Adobe Flash 8. Advance measure 9. Ajax 10. Algorithm 11. Alignment container 12. Alignment subject 13. Alpha (alpha channel) 14. ALPN 15. API 16. Apple Safari 17. Application context 18. Argument 19. ARIA 20. ARPA 21. ARPANET 22. Array 23. ASCII 24. Aspect ratio 25. Asynchronous 26. ATAG 27. Attribute 28. Authentication 29. Authenticator 30. Bandwidth 31. Base64 32. Baseline
    2. Baseline (compatibility)
    3. Baseline (typography) 33. BCP 47 language tag 34. Beacon 35. Bézier curve 36. bfcache 37. BiDi 38. BigInt 39. Binding 40. Bitwise flags 41. Blink 42. blink element ( tag) 43. Block
    4. Block (CSS)
    5. Block (scripting) 44. Block cipher mode of operation 45. Block-level content 46. Boolean
    6. Boolean (JavaScript)
    7. Boolean attribute (ARIA)
    8. Boolean attribute (HTML) 47. Bounding box 48. Breadcrumb 49. Brotli compression 50. Browser 51. Browsing context 52. Buffer 53. Bun 54. Cache 55. Cacheable 56. CalDAV 57. Call stack 58. Callback function 59. Camel case 60. Canonical order 61. Canvas 62. Card sorting 63. CardDAV 64. Caret 65. CDN 66. Certificate authority 67. Certified 68. Challenge-response authentication 69. Character 70. Character encoding 71. Character reference 72. Character set 73. Chrome 74. CIA 75. Cipher 76. Cipher suite 77. Ciphertext 78. Class 79. Client-side rendering (CSR) 80. Closure 81. Cloud 82. Cloud computing 83. CMS 84. Code point 85. Code splitting 86. Code unit 87. Codec 88. Color space 89. Color wheel 90. Compile 91. Compile time 92. Composite operation 93. Compression Dictionary Transport 94. Computer programming 95. Conditional 96. Constant 97. Constructor 98. Content header 99. Continuous integration 100. Continuous media 101. Control flow 102. Cookie 103. Copyleft 104. CORS 105. CORS-safelisted request header 106. CORS-safelisted response header 107. Crawler 108. Credential 109. CRLF 110. Cross Axis 111. Cross-site request forgery (CSRF) 112. Cross-site scripting (XSS) 113. CRUD 114. Cryptanalysis 115. Cryptography 116. CSP 117. CSS 118. CSS Object Model (CSSOM) 119. CSS pixel 120. CSS preprocessor 121. Cumulative Layout Shift (CLS) 122. Data structure 123. Database 124. Debounce 125. Decryption 126. Deep copy 127. Delta 128. Denial of Service (DoS) 129. Deno 130. Descriptor (CSS) 131. Deserialization 132. Developer tools 133. Device pixel 134. Digital certificate 135. Digital signature 136. Distributed Denial of Service (DDoS) 137. DMZ 138. DNS 139. Doctype 140. Document directive 141. Document environment 142. DOM (Document Object Model) 143. Domain 144. Domain name 145. Domain sharding 146. Dominator 147. DSL
    9. DSL (Digital Subscriber Line)
    10. DSL (Domain-Specific Language) 148. DTLS (Datagram Transport Layer Security) 149. DTMF (Dual-Tone Multi-Frequency signaling) 150. Dynamic typing 151. ECMA 152. ECMAScript 153. Effective connection type 154. Element 155. Encapsulation 156. Encryption 157. Endianness 158. Engine
    11. JavaScript engine
    12. Rendering engine 159. Entity 160. Entity header 161. Enumerated 162. Escape character 163. Event 164. Exception 165. EXIF 166. Expando 167. Extrinsic size 168. Fallback alignment 169. Falsy 170. Favicon 171. Federated identity 172. Fetch directive 173. Fetch metadata request header 174. Fingerprinting 175. Firefox OS 176. Firewall 177. First Contentful Paint (FCP) 178. First CPU idle 179. First Input Delay (FID) 180. First Meaningful Paint (FMP) 181. First Paint (FP) 182. First-class function 183. Flex 184. Flex container 185. Flex item 186. Flexbox 187. Flow relative values 188. Forbidden request header 189. Forbidden response header name 190. Fork 191. Fragmentainer 192. Frame rate (FPS) 193. FTP 194. FTU 195. Function 196. Fuzz testing 197. Gamut 198. Garbage collection 199. Gecko 200. General header 201. GIF 202. Git 203. Global object 204. Global scope 205. Global variable 206. Glyph 207. Google Chrome 208. GPL 209. GPU 210. Graceful degradation 211. Grid 212. Grid areas 213. Grid Axis 214. Grid Cell 215. Grid Column 216. Grid container 217. Grid lines 218. Grid Row 219. Grid Tracks 220. Guaranteed-invalid value 221. Gutters 222. gzip compression 223. Hash function 224. Hash routing 225. Head 226. High-level programming language 227. HMAC 228. Hoisting 229. HOL blocking 230. Host 231. Hotlink 232. Houdini 233. HPKP 234. HSTS 235. HTML 236. HTML color codes 237. HTML5 238. HTTP 239. HTTP content 240. HTTP header 241. HTTP/2 242. HTTP/3 243. HTTPS 244. HTTPS RR 245. Hyperlink 246. Hypertext 247. IANA 248. ICANN 249. ICE 250. IDE 251. Idempotent 252. Identifier 253. Identity provider (IdP) 254. IDL 255. IETF 256. IIFE 257. IMAP 258. Immutable 259. IndexedDB 260. Information architecture 261. Inheritance 262. Ink overflow 263. Inline-level content 264. Input method editor 265. Inset properties 266. Instance 267. Interaction to Next Paint (INP) 268. Internationalization (i18n) 269. Internet 270. Interpolation 271. Intrinsic size 272. Invariant 273. IP Address 274. IPv4 275. IPv6 276. IRC 277. ISO 278. ISP 279. ITU 280. Jank 281. Java 282. JavaScript 283. Jitter 284. JPEG 285. JSON 286. JSON type representation 287. Just-In-Time Compilation (JIT) 288. Kebab case 289. Key 290. Keyword 291. Largest Contentful Paint (LCP) 292. Latency 293. Layout mode 294. Layout viewport 295. Lazy load 296. Leading 297. LGPL 298. Ligature 299. Literal 300. Local scope 301. Local variable 302. Locale 303. Localization 304. Logical properties 305. Long task 306. Loop 307. Lossless compression 308. Lossy compression 309. LTR (Left To Right) 310. Main axis 311. Main thread 312. Markup 313. MathML 314. Media
    13. Media (Audio-visual presentation)
    14. Media (CSS) 315. Media query 316. Metadata 317. Method 318. Microsoft Edge 319. Microsoft Internet Explorer 320. Middleware 321. MIME 322. MIME type 323. Minification 324. MitM 325. Mixin 326. Mobile first 327.