62

Is there a significance to the word "salt" for a password salt?

Kyle Heironimus
  • 6,973
  • 6
  • 33
  • 47
  • Hard to say if this is related, but as a teenager I worked as a package loader at UPS. Every box coming into the truck was supposedly of the same area code, but the supervisors would "salt" boxes to the wrong zip code to make sure we were paying attention. – Eric_WVGG May 28 '15 at 18:59

8 Answers8

44

http://www.derkeiler.com/Newsgroups/comp.security.misc/2003-05/0154.html

The use of the word "salt" is probably a reference to warfare in ancient times, when people would salt the wells or farmland to make it less hospitable. The Romans are sometimes supposed to have done this to Carthage in 146 BC. In the context of passwords, a "salted" password is harder to crack.

Apparently, there's no strong evidence even for the original "salting" of Carthage (http://en.wikipedia.org/wiki/Salting_the_earth) claim, but an interesting hypothesis nonetheless.

N 1.1
  • 12,004
  • 6
  • 39
  • 57
micahwittman
  • 11,510
  • 2
  • 29
  • 37
  • 1
    +1 for the link, although I seriously doubt it's correct (not the history, just the relationship with cryptography) – Jon B Oct 28 '08 at 21:29
  • 7
    Though whether or not the history is correct really has nothing to do with the etymology of the technical term. I have no idea who invented the term "salt" or what they were thinking when they did, but it is certainly possible that they were thinking of an historical allusion that turned out to be inaccurate. Like, if someone says "The author called this program George because, like George Washington, it never tells a lie,", the fact that you can prove that George Washington did tell a lie at some point hardly proves that that was not the source of the name of the product. – Jay Oct 19 '09 at 13:45
43

Maybe because salt goes well with hash?

Jim Buck
  • 19,506
  • 10
  • 50
  • 72
24

The only meaning is that you are adding something to your password before you hash it, similarly to adding salt to your meal :-)

Leopold Cimrman
  • 461
  • 2
  • 5
  • This is what I've guessed, but never found anything authoritative to back it up. Can you cite any sources for this? – erickson Oct 28 '08 at 22:43
  • I don't have any source at hand now. That was only my perception from the texts I have read about that some time ago. – Leopold Cimrman Oct 29 '08 at 10:08
13

According to Ken Thompson, one of the first people to use the term in a book, it's related to the term "salting a mine", referring to gold mines. Whether that is "correct" or not who knows? I doubt there's an actual correct answer to this, it's just one of those terms that doesn't really have to have a reason as long as what it means is understood.

Gerald
  • 22,093
  • 10
  • 67
  • 98
  • Interesting. Can you elaborate? What does it mean to "salt a mine"? – erickson Oct 28 '08 at 21:42
  • It means to artificially lace a mine with gold to make it appear to be a gold mine. Not sure that relates directly to the purpose of a salt in cryptography, but not much else does either. – Gerald Oct 28 '08 at 22:10
  • 4
    Well, there surely is a correct answer. I mean, someone must have been the first to use the term, and he must have had some reason for thinking it was appropriate. That said, I have no idea who invented it or what he was thinking. It might have been something very clear and insightful, or it may have just been that he was eating lunch when he came up with the idea and, groping for what to call it, noticed the salt shaker on the table in front of him. (There have been less significant origins of technical terms than that. Cf "googol" and "quark".) – Jay Oct 19 '09 at 13:48
6

I would guess because it's easy to add "salt" (NaCl or a fixed string). But once you do, the output is irrevocably changed (food, encrypted password).

jwmiller5
  • 2,534
  • 1
  • 15
  • 32
  • 3
    if you put a potato, it's going to remove the salt. `http://wiki.answers.com/Q/How_do_you_remove_salt_from_food_when_you're_cooking` – Stefano Borini Mar 24 '10 at 03:36
4

I had thought it related to the verb salt ...

(salt away) informal put by (money) secretly.

-- http://www.askoxford.com/concise_oed/saltx?view=uk

Fionnuala
  • 88,508
  • 7
  • 103
  • 141
1

Because before you hash the password, you add a random text to it. So, it looks like as if you add some "salt" to the original "food" ... password :)

mohammedn
  • 2,808
  • 3
  • 20
  • 28
1

Once you add salt to food the real taste is no longer visible. So basically this is a figurative saying; add a little salt and it changes the original dish.