What Is a Salt in Password Hashing?
By Justin Le · 5 min read · Updated June 27, 2026
If you've read anything about storing passwords, you've seen the word "salt." It's a small idea with a big impact on security. This guide explains what a salt is, the attack it defeats, and how it relates to bcrypt and peppers.
What is a salt?
A salt is a random value added to a password before it's hashed. Instead of storing hash(password), you store hash(password + salt), along with the salt itself. Each user gets a different, randomly generated salt. The salt isn't secret; it's stored next to the hash. Its job is to make every hash unique.
The problem salts solve
Without a salt, the same password always produces the same hash. That creates two weaknesses. First, if two users pick the same password, their stored hashes are identical, visible to anyone who steals the database. Second, and more seriously, attackers can precompute the hashes of millions of common passwords into giant lookup tables called rainbow tables, then instantly match them against a stolen hash.
How a salt defeats rainbow tables
Because each password is combined with a unique random salt, identical passwords produce different hashes. A precomputed rainbow table is useless: the attacker would need a separate table for every possible salt, which is computationally infeasible. Salting forces attackers to crack each hash individually rather than looking them all up at once.
Why every salt must be unique
Reusing one salt across all users would still let an attacker build a single table for that salt and crack everyone at once. A unique, random salt per password is what makes the defense work. Generate salts from a cryptographic random source, the same kind of randomness behind our API key generator.
Salting is built into modern password hashes
The good news: you usually don't manage salts yourself. Algorithms like bcrypt, scrypt and Argon2 generate a random salt automatically and store it inside the hash output. A bcrypt string like $2b$12$N9qo8uLO... contains the algorithm, cost, salt and hash all together, so the verifier has everything it needs. That's one reason these are the right tools for passwords; see bcrypt vs SHA-256.
Salt vs pepper
A pepper is related but different: it's a secret value added to every password (in addition to the per-user salt), and, crucially, it's not stored with the hash. It's kept separately, for example in application config or an HSM. The idea is that even if the database leaks, the attacker is missing the pepper. Salts defeat precomputation; a pepper adds a secret the database alone doesn't reveal. Peppers are optional and add operational complexity, while salting is essential and non-negotiable.
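The three schemes discussed above side by side, as an added example that is not part of this guide: an unsalted hash that a precomputed table matches instantly, a per-user salted record (PBKDF2 stands in for bcrypt/Argon2 so it runs on the standard library alone), and an optional pepper mixed in via HMAC and kept out of the stored record. The password list, pepper value and iteration count are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumption: raise this (or use Argon2/bcrypt) in production
# Constructed sample data for the demonstration; not real credentials.
COMMON_PASSWORDS = ["123456", "password", "qwerty"]
PEPPER = b"pepper-from-config-not-the-db"  # assumption: a secret kept outside the DB


def unsalted_hash(password: str) -> str:
    """The weak scheme: hash(password) alone. Same password, same hash, every time."""
    return hashlib.sha256(password.encode()).hexdigest()


def precomputed_table(candidates) -> dict:
    """Hash -> password map for common passwords: the lookup a rainbow table enables."""
    return {unsalted_hash(p): p for p in candidates}


def _pepper_secret(password: str, pepper: bytes) -> bytes:
    # Bind the pepper to the password with HMAC; the pepper itself is never stored.
    return hmac.new(pepper, password.encode(), "sha256").digest() if pepper else password.encode()


def hash_password(password: str, pepper: bytes = b"") -> dict:
    """The sound scheme: a fresh random salt per password, stored next to the hash."""
    salt = secrets.token_bytes(16)  # cryptographic randomness, never reused
    digest = hashlib.pbkdf2_hmac("sha256", _pepper_secret(password, pepper), salt, ITERATIONS)
    # The record holds parameters, salt and hash, like a bcrypt string; no pepper in it.
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_password(password: str, record: dict, pepper: bytes = b"") -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", _pepper_secret(password, pepper), salt, record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


if __name__ == "__main__":
    table = precomputed_table(COMMON_PASSWORDS)
    # Two users with the same password: identical unsalted hashes, instant table hit.
    a, b = unsalted_hash("password"), unsalted_hash("password")
    print("unsalted identical:", a == b, "| table lookup:", table.get(a))
    # Salted: same password, two different records; the table no longer applies.
    r1, r2 = hash_password("password", PEPPER), hash_password("password", PEPPER)
    print("salted identical:", r1["hash"] == r2["hash"], "| salts:", r1["salt"][:8], r2["salt"][:8])
    print("verify ok:", verify_password("password", r1, PEPPER),
          "| wrong pw:", verify_password("letmein", r1, PEPPER),
          "| no pepper:", verify_password("password", r1))
```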
Try it
Generate two bcrypt hashes of the same password with our bcrypt generator and notice they're completely different: that's the salt at work. Create strong passwords to hash with the password generator.
Frequently asked questions
What is a salt in password hashing?
A random value added to a password before hashing, stored alongside the hash. It makes each hash unique so identical passwords don't produce identical hashes, defeating precomputed rainbow tables.
Does a salt need to be secret?
No. A salt is stored next to the hash and isn't secret. Its purpose is uniqueness, not secrecy: it forces attackers to crack each hash individually rather than using a precomputed table.
What's the difference between a salt and a pepper?
A salt is unique per password and stored with the hash. A pepper is a single secret value added to all passwords and kept separately from the database, so a leaked database alone doesn't reveal it.