Can salt just be appended to the password before hashing?

Darcy Sutton

12/13/23, 7:43 AM

I am currently developing the back end of a website for one my projects and needed to store passwords. I knew that I needed to store passwords with salt, and my initial approach was to just generate the salt and append it to the password. However, to check that I wasn't being stupid I looked it up and saw a multitude of functions built into Node.js (the framework I'm using) to incorporate salt into hashing. Is there any reason I can't just append the salt to the password and if not can you please explain because I don't won't to just blindly do something? From my knowledge of hashing and salt, I see no reason why I couldn't do this.

1 + 1

salt

password-hashing

user93353

12/13/23, 7:55 AM

Other than salts, Passwords should be hashed using slow hashing functions instead of regular cryptographic hashing functions. There are ready made functions which do the salting & also slow hash - best to use those instead of reinventing the wheel.

Score:4

Crypto

BeloumiX

12/13/23, 3:35 PM

There is much to be said against using a "normal" hash function for password hashing. The cracking would be accelerated. If you have a good reason to do so anyway, then appending the salt is probably not a relevant vulnerability.

If you use a password hashing algorithm, appending can cause problems. For example, Bcrypt simply cuts off the input (the password) over 56 bytes, so the salt could be truncated without you realizing it.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Can salt just be appended to the password before hashing?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.