Quiz Entry - updated: 2026.07.05
What are salt and cost in password hashing?
Salt is a random per-user value mixed into the password, and cost sets how many iterations the hash takes.
$2y$10$ASC9x1HQpq9ruZx/1w7lMebkg4SuQFTubDKcc.ROVvX...
↑ ↑ ↑
Alg Cost Salt Hash
Salt:
- Random per-user value stored with hash
- Prevents precomputed "rainbow table" attacks
- Same password = different hash for each user
Cost:
- Number of iterations (e.g., 10 = 2^10 iterations)
- Higher = slower to compute (harder to brute-force)
- ~100ms for login is acceptable; expensive for attackers
Go deeper:
Salt (cryptography) (Wikipedia) — how a unique per-user salt defeats rainbow tables and why it need not be kept secret.