4
votes

Well, I don't know what it is really called, so I call it dynamic salt hashing. Recently, I encountered a hashing algorithm which uses a dynamic salt (generated randomly). As a result, the same string produces different hash values. I wonder how it works, as well as how it is verified. The verify function takes only 2 parameters: the string and the hash value. I want to know how it works.

Edit:

I have seen a similar (but not duplicate) question to mine: https://crypto.stackexchange.com/questions/1770/salts-how-does-the-script-know-what-the-salt-is

Neither my question nor that one has been answered yet.

1
It would be easier if you could tell us which algorithm it is - Prasun Jajodia
It is BCrypt, I think - someone
BCrypt stores the salt inside the resulting hash value. Check out the example here, that should make it clear: en.wikipedia.org/wiki/Bcrypt - CBroe
Thanks. I have encountered that before, I had just forgotten about it. - someone

1 Answer

2
votes

The main reason for a dynamic salt is to prevent "rainbow table" attacks.

Therefore, you will have to store the salt somewhere (e.g. in the table). Then, each time you want to verify a password, you will have to get this specific salt.

The term "dynamic salt" does not mean that it changes every time you verify it. It only means that it is dynamic for each record.

This paper has everything you need to know.
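
Added example (not part of the original question, comments or answer, and not the code of any bcrypt library): a sketch of how a two-argument verify can work when the random salt is stored inside the hash string, as the comment above says BCrypt does. It uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for BCrypt; the `algo$iterations$salt$digest` layout, the function names and the iteration count are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

ALGO = "pbkdf2-sha256"   # stand-in KDF (assumption); bcrypt is not in the stdlib
ITERATIONS = 200_000     # constructed work factor for this demo


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'algo$iterations$salt$digest'; a fresh random salt is drawn per call."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$".join([
        ALGO,
        str(ITERATIONS),
        base64.b64encode(salt).decode(),    # base64 never emits '$'
        base64.b64encode(digest).decode(),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Two-argument verify: salt and cost are recovered from `stored` itself."""
    try:
        algo, iterations, salt_b64, digest_b64 = stored.split("$")
        if algo != ALGO:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        # Re-run the same KDF with the salt and cost taken from the record.
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed record: reject rather than raise
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    first = hash_password("correct horse")    # constructed sample password
    second = hash_password("correct horse")
    print(first != second)                          # different salts, different strings
    print(verify_password("correct horse", first))  # salt is read back from `first`
    print(verify_password("wrong guess", first))
```

The salt is not secret; it only has to be unique per record, which is why it can sit in the same column as the digest.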