Why are salted hashes more secure for password hashing?

Plain, unsalted hashes such as MD5 or SHA-1 can easily be reversed by an attacker using a rainbow table. Without a salt, the attacker builds the rainbow table once and reuses it indefinitely, because the hash (MD5, SHA-1, etc.) of a particular password (say, "secret") is always the same. A single lookup in the table then reveals the password.

With a good-sized salt, say 32 bits (ideally 64 or 128 bits or even more), the attacker would have to build a separate rainbow table for every password they want to crack.

A salted hash defeats rainbow table attacks by increasing the size of the rainbow table the attacker would need exponentially with the length of the salt.

In PHP, the password_hash() function can be used to salt the password automatically, using different hashing algorithms.
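The following is an added example (not from the original post, and not PHP's password_hash() itself) that demonstrates the points above in Python: a constructed "rainbow table" of precomputed unsalted SHA-1 digests recovers a password with one lookup, while a per-user random 128-bit salt combined with PBKDF2 produces a different digest every time, so no precomputed table applies. The storage format string, the iteration count and the password list are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample "rainbow table": a map from unsalted SHA-1 digest back to
# the password, which an attacker builds once and reuses against every site.
COMMON_PASSWORDS = ["secret", "password", "123456", "letmein"]
RAINBOW_TABLE = {hashlib.sha1(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def unsalted_hash(password: str) -> str:
    """Plain SHA-1 of the password: identical for every user with that password."""
    return hashlib.sha1(password.encode()).hexdigest()


def lookup_in_rainbow_table(digest: str) -> Optional[str]:
    """Return the password if the unsalted digest was precomputed, else None."""
    return RAINBOW_TABLE.get(digest)


def rainbow_table_rows(dictionary_size: int, salt_bits: int) -> int:
    """Rows an attacker must precompute to cover a dictionary under every salt value.

    Each extra salt bit doubles the table, so the cost grows as 2**salt_bits.
    """
    return dictionary_size * 2 ** salt_bits


def salted_hash(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> str:
    """Hash with a fresh 16-byte (128-bit) random salt using PBKDF2-HMAC-SHA256.

    Returns an assumed storage format 'pbkdf2_sha256$<iterations>$<salt_hex>$<digest_hex>'
    so the salt and parameters travel with the digest, as password_hash() also does.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    # Unsalted: the same password always gives the same digest, so one table lookup cracks it.
    d = unsalted_hash("secret")
    print("unsalted digest:", d, "-> recovered:", lookup_in_rainbow_table(d))

    # Salted: two users with the same password get different stored values.
    a = salted_hash("secret")
    b = salted_hash("secret")
    print("salted #1:", a)
    print("salted #2:", b)
    print("verify ok:", verify_salted("secret", a), verify_salted("secret", b))
    print("wrong password:", verify_salted("wrong", a))
    print("table rows for 1M words, 32-bit salt:", rainbow_table_rows(1_000_000, 32))
```

The verification step reads the salt back out of the stored string, which is why a salt does not need to be secret: its job is only to make each stored hash unique so that no table computed in advance matches it. hmac.compare_digest is used rather than == so that the comparison time does not leak how many leading bytes of the digest matched.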
