Difference between SALT and KEY. Encryption

cody · Sep 5, 2011

Alright, so I'm trying to learn a little about encrypting messages in my Java application. I just found out that SALT and KEY aren't the same.

Can someone help me understand what the difference between the two is?

Answer

Oliver Charlesworth · Sep 5, 2011

The key is, crudely, the equivalent of a password; you use it to encrypt a message, and then the same key gets used to decrypt it back to the original plaintext. (Well, it gets a little more complex, once you have public and private keys, and so on.)

A salt is most typically encountered with cryptographic hash functions, not encryption functions. The idea is that rather than hashing just your data (e.g. a password), you hash data+salt, where salt is typically a randomly-generated string. They have (at least) two purposes:

  • To foil an attacker who has access to the hashed data from identifying a collision using a rainbow table.
  • To slow down an attacker who's trying a brute-force attack.