LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What are salt and cost in password hashing?

Salt is a random per-user value mixed into the password, and cost sets how many iterations the hash takes.

$2y$10$ASC9x1HQpq9ruZx/1w7lMebkg4SuQFTubDKcc.ROVvX...
 ↑   ↑  ↑
Alg Cost Salt                              Hash

Salt:

  • Random per-user value stored with hash
  • Prevents precomputed "rainbow table" attacks
  • Same password = different hash for each user

Cost:

  • Number of iterations (e.g., 10 = 2^10 iterations)
  • Higher = slower to compute (harder to brute-force)
  • ~100ms for login is acceptable; expensive for attackers

Go deeper:

From Quiz: WEBT / User Sessions | Updated: Jul 05, 2026