Salting

Salting is the process of adding random data to a password or other data, usually before a one-way hash is computed over it, so that the stored value is harder to attack by brute force. It is a means of mitigating a dictionary attack or a brute force attack.

There is an MD5-based salting technique which may be used to make it more difficult for sniffers to eavesdrop on passwords or their hashed values.

MD5 salted hash technique

  1. The server sends a large random number to the client when the logon page is requested.
  2. The user enters their password.
  3. Client-side JavaScript creates an MD5 hash of the entered password.
  4. Client-side JavaScript appends the large random number to the MD5 hash of the password and creates a hash of the result.
  5. The large random number and the hash are transmitted to the server.
  6. The server reads the hash of the user's password from the database and appends the large random number to it.
  7. The server creates a hash of the result of the previous step and compares it to the hash received from the client.