During a security audit, you discover that the user-account table in a legacy application stores only the SHA-256 hash of each password. You want to lessen the chance that two users with the same password will create an identical stored value and to render rainbow-table attacks impractical. Which additional technique should you apply to each password before hashing it?
Salting involves adding a unique, random string-called a salt-to the password input before it is hashed. Because each password receives a different salt, identical plaintext passwords no longer produce identical hashes, dramatically reducing the effectiveness of rainbow-table attacks and improving overall password-database security.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is salting in password security?
Open an interactive chat with Bash
How do rainbow tables work, and why does salting protect against them?