What is the difference between hash salting and noncing?

security hash cryptography
21,603

Solution 1

A salt is a non-secret, random value that's used to ensure that the same plaintext will not consistently hash to the same output value; it's used to prevent precomputation attacks such as Rainbow Tables.

A nonce ("number used once") is a - typically randomly generated - value that's associated with a message in a cryptographic scheme, and must be unique within some specified scope (such as a given time interval, or a session). It's typically used to prevent replay attacks.

Nonces and salts are similar and serve related purposes, but aren't identical. Both are typically randomly generated, not secret, and serve to prevent attacks that would otherwise be possible against the system. They differ mainly in the context in which they're used, and in the consequences of repeats - a duplicate salt is unimportant, but a duplicate nonce can have dire consequences.

Solution 2

nonce = number used once. If you generate a unique salt for each bit of data you're hashing, then it's essentially a nonce as well.

Solution 3

Hashing is one way process unlike Encryption(using a key we can decrypt). Fixed size and Slight changes in data produces entirely new hash value. It is like finger print. Example: MD5,MD6,SHA-1,SHA-2 and so on..

Storing password in database with hash format also not safe by Rainbow tables, Dictionary attacks and Brute force(GPUs can compute billions of hashes per second). To avoid these issue we need to use Salt.

A Salt(random number) is used so that the same password does not always generate the same key. i.e. A salt is simply added to make a common password uncommon.

A Salt is something we add to our hash to prevent rainbow attacks using rainbow tables which are basically just huge lookup tables that convert hashes to passwords as follows:

dffsa32fddf23safd -> passwordscrete 
f32ksd4343fdsafsj -> stackoverflow

So hacker can find this rainbow table, to avoid this problem we have to store hash with the combination of password and salt.

hash= hashFunction(passowrd+salt)

A Nonce (Number used only once) does not need to be secret or random, but it must not be reused with the same key. This is used to prevent replay attacks (aka playback attack).

hashing-vs-encryption

Share:
21,603
Ryan Ward
Author by

Ryan Ward

I started my programmer life as a masters level economist working as a government contractor assessing risk on imported products. I spent dozens of hours a day automating these algorithms to pull in news sources and provide me with data. Along the way, I learned a lot about microbiology -- as one would expect assessing rotting food. Now, I am a PhD student in the Department of Genetics at UW - Madison interested in developing basic tools for bioinformaticians, especially those who perform genome arithmetic.

Updated on July 05, 2022

Comments

  • Ryan Ward
    Ryan Ward almost 2 years

    I have read up on these two topics, and I can't seem to quite grasp the difference between salting and noncing hashes.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

What's the big deal with brute force on hashes like MD5
What is the clash rate for md5?
How can I hash passwords in postgresql?
Non-random salt for password hashes
Is "double hashing" a password less secure than just hashing it once?
Where do you store your salt strings?
Fundamental difference between Hashing and Encryption algorithms
Produce MD5 or SHA1 hash code to long (64 bits)
Is the c++ hash function reasonably safe for passwords?
How to Hash String using SHA-1 with key?