
Definition

Salt and Pepper

Salt and pepper are additional strings that are combined with a user's password before the result is run through a cryptographic hash function (in practice a slow, deliberately expensive password hash such as bcrypt, scrypt, Argon2 or PBKDF2):

Salt: A salt is a random string that is different for every user. It is stored in the clear alongside the hash in the password list.

Pepper: A pepper is a secret string that is shared by all users. It must be stored safely outside the password list (for example, in a hardware security module or a separate secrets store) so that a leak of the database does not also leak the pepper.

Comparison

             Salt                     Pepper
Scope        per-user                 global
Storage      with the hash            outside the database
Secrecy      public                   secret
Purpose      defeat precomputation    add entropy even if the database leaks

Effect on Attacks

Defence against Precomputation

A per-user salt makes precomputed rainbow tables and precomputed dictionaries useless: because every user's hash was computed over a different salt, a table would have to be built separately for each user, so the attacker ends up hashing every guess once per user. A global pepper goes further: the attacker must first obtain the pepper value before any offline attack becomes possible at all.

Even with a leaked password database, without the pepper an attacker cannot verify any guess, provided the pepper has enough entropy that it cannot itself be brute-forced and it really was kept outside the leaked data.
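The following is an added example, not code from the original page: it implements the salt-and-pepper scheme from the Definition section and then simulates the offline attack described above, once with the pepper and once without it. The page describes plain concatenation; here the pepper is applied as the key of an HMAC over the password before the salted slow hash, which is the same idea without ambiguity about where the pepper ends and the password begins. The iteration count, the user names and the passwords are constructed sample data.

```python
import hashlib
import hmac
import os

# Cost parameter of the slow hash. Illustrative assumption; tune per deployment.
ITERATIONS = 100_000


def hash_password(password, pepper, salt=None):
    """Return the stored record {salt, hash} for a password.

    The salt is per-user, random and stored in the record.
    The pepper is global, secret, used only as an HMAC key and never stored
    next to the hash.
    """
    if salt is None:
        salt = os.urandom(16)
    # Bind the password to the secret pepper first ...
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    # ... then run the salted, deliberately slow hash.
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_password(password, record, pepper):
    """Recompute the hash from the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = hash_password(password, pepper, salt)["hash"]
    return hmac.compare_digest(candidate, record["hash"])


def offline_dictionary_attack(records, wordlist, pepper):
    """Attacker holding the leaked table and a (possibly wrong) pepper.

    Every user has a distinct salt, so each guess must be hashed once per
    user; no precomputed table applies. Returns {user: recovered_password}.
    """
    recovered = {}
    for user, record in records.items():
        for guess in wordlist:
            if verify_password(guess, record, pepper):
                recovered[user] = guess
                break
    return recovered


def build_sample_database(pepper):
    # Constructed sample data; bob and mauro deliberately share a password.
    return {
        "alice@gmx.de": hash_password("correct horse", pepper),
        "bob@yahoo.com": hash_password("hunter2", pepper),
        "mauro@gmail.com": hash_password("hunter2", pepper),
    }


if __name__ == "__main__":
    pepper = os.urandom(32)  # would live in an HSM or secrets store, not in the DB
    db = build_sample_database(pepper)
    wordlist = ["password", "hunter2", "letmein"]
    # Same password, different salts, different hashes:
    print(db["bob@yahoo.com"]["hash"] != db["mauro@gmail.com"]["hash"])
    # Attacker who also stole the pepper recovers the weak passwords:
    print(offline_dictionary_attack(db, wordlist, pepper))
    # Attacker with the table but without the pepper recovers nothing:
    print(offline_dictionary_attack(db, wordlist, os.urandom(32)))
```

The first attack call shows why salting alone does not stop a dictionary attack against weak passwords; the second shows that the same leaked table is worthless without the pepper.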

Strong Requirement

Many systems only use salting. Pepper adds defence-in-depth but complicates key management and availability: if the pepper is lost, every stored hash becomes unverifiable and all users are locked out, and because the pepper is mixed into the hash, rotating it requires re-hashing each password at that user's next successful login (or a scheme that encrypts the hash with the pepper instead).

Example

Password Database

User              Hash                   Salt                   Pepper
alice@gmx.de      07 A9 6E 3E 0D … BD    28 64 31 12 95 … EB    EF B4 85 02 1F … EA
bob@yahoo.com     E7 26 5E 61 D4 … FA    90 51 12 68 43 … 30    EF B4 85 02 1F … EA
mauro@gmail.com   78 A9 2B 0E E7 … FC    DB C6 DB A0 57 … 5C    EF B4 85 02 1F … EA

The pepper is identical for all rows and is stored outside this table; it is shown here only to illustrate which value enters each hash computation.