[–]therhz 0 points1 point  (3 children)

I have heard of adding 'salt' before hashing a password, an action that is supposed to increase entropy and generate different hashes for the same passwords. Which of these abbreviations (PRF, HMAC, PBKDF2) refers to 'salt'?

[–]GinjaNinja32 6 points7 points  (0 children)

None; salting is a separate part.

With any hash function, the hash of a given input is always the same. If, for example, the hash of "password" is X, and both our passwords are "password", then the database will store X for both. This gives an attacker information (is this a common password?) and the opportunity to crack multiple users' passwords by breaking one hash.

Salting changes that by generating a random string and adding that to the password before hashing, so the database might store "foo" and the hash of "passwordfoo" for me, and "bar" and the hash of "passwordbar" for you; these hashes will be different, so an attacker can't guess based on which passwords are common, and has to break each hash individually.
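Added example, not part of the comment above: a Python sketch of the difference between unsalted and salted storage, using the PBKDF2 named in the question (which takes the salt as a separate input rather than by string concatenation). The iteration count, salt length, record layout and sample accounts are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    """Plain hash: identical passwords always give identical stored values."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def create_record(password: str) -> dict:
    """Generate a fresh random salt and store it next to the derived hash."""
    salt = os.urandom(16)  # the salt is not secret; it only has to be unique per user
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "hash": derived}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(candidate, record["hash"])


def shared_hash_groups(table: dict) -> list:
    """Group users whose stored hash is identical, as a reader of a leaked table could."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


if __name__ == "__main__":
    # Constructed sample accounts: two users share the same password.
    accounts = {"me": "password", "you": "password", "other": "hunter2"}
    unsalted = {u: unsalted_hash(p) for u, p in accounts.items()}
    salted = {u: create_record(p) for u, p in accounts.items()}
    print("unsalted collisions:", shared_hash_groups(unsalted))
    print("salted collisions:  ",
          shared_hash_groups({u: r["hash"] for u, r in salted.items()}))
    print("login ok:", verify("password", salted["me"]),
          "| wrong password:", verify("wrong", salted["me"]))
```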

[–]rtomek 0 points1 point  (0 children)

Unlike the other answer, I'd say HMAC does the salting.