Why is a password salt called a "salt"?

passwords salt
Kyle Heironimus picture Kyle Heironimus · Oct 28, 2008 · Viewed 14.4k times · Source

Is there a significance to the word "salt" for a password salt?

Answer

micahwittman picture micahwittman · Oct 28, 2008

http://www.derkeiler.com/Newsgroups/comp.security.misc/2003-05/0154.html

The use of the word "salt" is probably a reference to warfare in ancient times, when people would salt the wells or farmland to make it less hospitable. The Romans are sometimes supposed to have done this to Carthage in 146 BC. In the context of passwords, a "salted" password is harder to crack.

Apparently, there's no strong evidence even for the original "salting" of Carthage (http://en.wikipedia.org/wiki/Salting_the_earth) claim, but an interesting hypothesis nonetheless.

Related questions

Hash and salt passwords in C#

I was just going through one of DavidHayden's articles on Hashing User Passwords. Really I can't get what he is trying to achieve. Here is his code: private static string CreateSalt(int size) { //Generate a cryptographic random number. RNGCryptoServiceProvider rng = …

Read More
Salt and hash a password in Python

This code is supposed to hash a password with a salt. The salt and hashed password are being saved in the database. The password itself is not. Given the sensitive nature of the operation, I wanted to make sure everything …

Read More
Salting Your Password: Best Practices?

I've always been curious... Which is better when salting a password for hashing: prefix, or postfix? Why? Or does it matter, so long as you salt? To explain: We all (hopefully) know by now that we should salt a password …

Read More