Insights For Success

Strategy, Innovation, Leadership and Security

What is salting and hashing a password?

General | Edward Kiledjian

The LastPass hacking saga has led to non-technical users reading articles using terms such as salting and hashing, which may seem alien to them. A few people contacted me asking what they do, and I wanted to write a short post describing them.

Salting is the process of adding random data, referred to as "a salt," to a password before it is hashed. Its main purpose is to defeat pre-computation: without salts, an attacker can hash a list of common passwords once (a so-called rainbow table) and look up every stolen hash in it, and two users with the same password will have identical hashes. Because a unique salt is generated for each password, the hashed value is different even when the same password is used by several users, and the attacker has to repeat all of the guessing work separately for each account. Note what a salt does not do: it is stored in the clear next to the hash, so it does not stop a dictionary attack against a single weak password; it only makes that attack cost as much for each user as it would for one.

The process of hashing involves taking an input (or message) and converting it into a fixed-length string of characters called a 'hash value'. The same input will always produce the same hash value; however, a minor change to the input will result in a vastly different hash value, and the function is one-way, so there is no practical way to recover the original input from the hash value alone. The catch for passwords is that an attacker does not need to reverse the hash: they can simply hash guesses and compare. That is why passwords should be hashed with a function that is deliberately slow and expensive to compute (such as bcrypt, scrypt, Argon2 or PBKDF2) rather than a fast general-purpose hash like SHA-256, so that every guess costs the attacker real time.

The combination of salting and hashing is what makes a stolen password database much less useful to an attacker. When a password is created, the system generates a fresh random salt, appends it to the password, and hashes the result. The hashed value and the salt (which does not need to be secret) are then stored together in the database; the password itself is never stored. When the user enters their password to log in, the system retrieves that user's salt, adds it to the entered password, hashes it the same way, and compares the resulting value to the stored hash. Access is granted if the values match.
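The following is an added worked example, not code from the original post. It implements the store-and-verify procedure above using only the Python standard library, with PBKDF2-HMAC-SHA256 standing in for the slow password hash; the record format (`pbkdf2_sha256$iterations$salt$hash`) and the helper names are this example's own. It also shows the point made earlier about salting: a pre-computed table of unsalted hashes cracks every user with a common password in one lookup, while salted records force the attacker back to per-user guessing. The usernames and passwords are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

# Example parameters (assumptions of this example, not taken from the post).
SALT_BYTES = 16        # 128-bit random salt, generated fresh for every password
ITERATIONS = 600_000   # PBKDF2-SHA256 work factor; deliberately slow per guess


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A new random salt is drawn unless one is supplied."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def make_record(password: str) -> str:
    """Build the string that goes into the database: algorithm, cost, salt, hash."""
    salt, digest = hash_password(password)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-hash the login attempt with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    _, candidate = hash_password(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# --- What salting buys you: the unsalted, fast-hash case versus salted records ---

def unsalted_hash(password: str) -> str:
    """A naive store: plain SHA-256 of the password, no salt (what NOT to do)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def precomputed_table(wordlist: Iterable[str]) -> Dict[str, str]:
    """Attacker's rainbow-table analogue: hash every common password once."""
    return {unsalted_hash(word): word for word in wordlist}


def crack_unsalted(stored: Dict[str, str], table: Dict[str, str]) -> Dict[str, str]:
    """One dictionary lookup per user; no hashing needed at attack time."""
    return {user: table[h] for user, h in stored.items() if h in table}


def crack_salted(records: Dict[str, str], wordlist: Iterable[str]) -> Dict[str, str]:
    """With salts the attacker must redo the slow hash for every (user, guess) pair.
    Weak passwords still fall, but each user costs the full wordlist."""
    words = list(wordlist)
    found = {}
    for user, record in records.items():
        for word in words:
            if verify_password(word, record):
                found[user] = word
                break
    return found


if __name__ == "__main__":
    # Constructed sample users; "hunter2" is a well-known weak password.
    users = {"alice": "hunter2", "bob": "s3cr3t!xyz-long-passphrase"}
    records = {u: make_record(p) for u, p in users.items()}
    print("alice login ok:", verify_password("hunter2", records["alice"]))
    print("alice wrong pw:", verify_password("hunter3", records["alice"]))
    wordlist = ["password", "123456", "hunter2"]
    print("unsalted, table lookup:",
          crack_unsalted({u: unsalted_hash(p) for u, p in users.items()},
                         precomputed_table(wordlist)))
    print("salted, per-user guessing:", crack_salted(records, wordlist))
```

Two records made from the same password differ because each gets its own salt, and verification still succeeds because the salt is read back out of the record. The constant-time comparison (`hmac.compare_digest`) avoids leaking how many leading bytes of the hash matched through timing.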

Although salting and hashing raise the cost of an attack considerably, they are not foolproof. An attacker who steals the database can still run an offline guessing attack against each account, and a common or short password will be found quickly no matter how well it was hashed. Therefore, you should still use a strong and unique password for every service.

Keywords: Salting, Hashing, Encryption, Password security, Dictionary attacks, Data privacy, Hash functions, Cryptography, Information security, Data integrity, One-way functions, Secure password management, Hash algorithm, Password hashing, Password protection.