What is Salt (Cryptography)?
A cryptographic salt is a random value that is combined with a password or other input before it is processed by a hash function or key derivation function, ensuring that identical inputs produce different outputs and defeating precomputed attack tables.
Also known as: salt, cryptographic salt
Without a salt, identical passwords always produce identical hashes. An attacker with a precomputed table mapping common passwords to their hash values (a rainbow table) can instantly look up any matching hash in a stolen database. Salting defeats this attack by prepending or mixing a unique random value into each password before hashing. Even if two users have the same password, different salts ensure different hash outputs.
A salt does not need to be secret — it is typically stored in plaintext alongside the hash or derived key. Its purpose is to force the attacker to compute each hash individually rather than using precomputed tables. A 16-byte random salt provides 2^128 possible variations for each password, making precomputation entirely impractical.
Salts are essential in two contexts: password hashing (where they protect stored password hashes in databases) and key derivation (where they ensure that the same passphrase produces different derived keys for different operations). In both cases, the salt must be generated using a cryptographically secure random number generator and must be unique per operation — never reused across users or encryption operations.
How Vaulted uses Salt (Cryptography)
When a passphrase is added to a Vaulted secret, a random 16-byte salt is generated client-side using the Web Crypto API. This salt is fed into PBKDF2 along with the passphrase and 100,000 iterations to derive an AES-KW wrapping key. The salt is then included in the URL fragment so the recipient's browser can re-derive the identical wrapping key from the passphrase. Each secret with a passphrase gets its own unique salt, ensuring that the same passphrase used on different secrets produces different wrapping keys.
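The flow described above, sketched with the Web Crypto API as an added example; it is not Vaulted's own code. The page specifies only PBKDF2, 100,000 iterations, a 16-byte salt and an AES-KW wrapping key, so the PBKDF2 hash (SHA-256), the 256-bit key sizes, the AES-GCM content key being wrapped and all function names are assumptions.

```javascript
// Added example, not Vaulted's code. Assumed: SHA-256 as the PBKDF2 hash, 256-bit
// keys, an AES-GCM content key, and all function names.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto; // older Node
const subtle = webCrypto.subtle;
const toHex = (buf) => Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');

// PBKDF2(passphrase, salt, 100,000 iterations) -> non-extractable AES-KW key.
async function deriveWrappingKey(passphrase, salt) {
  const material = await subtle.importKey('raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: 100000, hash: 'SHA-256' },
    material, { name: 'AES-KW', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Sender: a fresh CSPRNG salt for every secret, then wrap the content key.
async function wrapWithPassphrase(contentKey, passphrase) {
  const salt = webCrypto.getRandomValues(new Uint8Array(16));
  const wrappingKey = await deriveWrappingKey(passphrase, salt);
  const wrapped = await subtle.wrapKey('raw', contentKey, wrappingKey, 'AES-KW');
  return { salt, wrapped: new Uint8Array(wrapped) };
}

// Recipient: re-derive from the transmitted salt; AES-KW's integrity check rejects a wrong salt or passphrase.
async function unwrapWithPassphrase(wrapped, salt, passphrase) {
  const wrappingKey = await deriveWrappingKey(passphrase, salt);
  try {
    return await subtle.unwrapKey('raw', wrapped, wrappingKey, 'AES-KW',
      { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  } catch {
    return null;
  }
}

// Same passphrase on two secrets: different salts give different wrapping keys.
async function demo() {
  const contentKey = await subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const passphrase = 'correct horse battery staple'; // constructed sample
  const a = await wrapWithPassphrase(contentKey, passphrase);
  const b = await wrapWithPassphrase(contentKey, passphrase);
  const recovered = await unwrapWithPassphrase(a.wrapped, a.salt, passphrase);
  const crossed = await unwrapWithPassphrase(a.wrapped, b.salt, passphrase);
  return {
    saltBytes: a.salt.length,
    wrappedDiffer: toHex(a.wrapped) !== toHex(b.wrapped),
    roundTrip: recovered !== null &&
      toHex(await subtle.exportKey('raw', recovered)) === toHex(await subtle.exportKey('raw', contentKey)),
    wrongSaltRejected: crossed === null,
  };
}
```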