LOGBOOK

HELP

Quiz Entry - updated: 2026.06.18

What are the four steps of the salting procedure when a user creates an account?

Generate salt → append to password → hash the combination → store both salt and hash (NOT the password).

Register: generate salt, hash password+salt, store salt+hash, discard password. Login: recompute and compare.

* Registration stores salt+hash; login recomputes hash(submitted+salt) and compares. *

A password combined with a per-user salt before hashing.

* A per-user salt is mixed in before hashing. — KryptoKek, CC BY-SA 4.0, via Wikimedia Commons. *

The four steps:

  1. Generate salt — Random unique value, ideally per-user. Use a CSPRNG (cryptographically secure RNG), not Math.random().

  2. Append salt to password — Combine before hashing: combined = password + salt (or salt + password — order doesn't matter as long as it's consistent)

  3. Hash the combination — Run through your hash function: stored_hash = hash(password + salt)

  4. Store salt and hash — Both go to the database. The plaintext password is discarded. The salt is NOT secret.

Database row example:

user_id | username | salt           | hash

From Quiz: INTROL / Password Cracking | Updated: Jun 18, 2026