-1

I'm not a cryptography expert. In this video, and in some other places on the web, I saw hash salts being called "random".

But if the salt is created only once and then reused each time anew, that is, added before the password as H({S,P}) each time anew with its same value, how come it seems to me to be commonly named "random"?

The only thing that seems random to me is the creation process. Is it indeed the case?

1 Answer

2

When we hash passwords with a salt, a new salt is selected at random for each new password. So different passwords have different random salts. However, the same salt is reused for future authentication attempts.

Typically, when the authentication system is supplied with the user id and password, it fetches the salted hash for the required user, hashes the provided password with the old salt and checks against the stored hash.

So yes, only the creation process of the salt is random.

Maarten Bodewes
Meir Maor
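The flow described in the answer above, as an added example that is not part of the original question or answer: the salt is drawn at random once, when the password is set, and is then read back unchanged at every login. PBKDF2-HMAC-SHA256 stands in for H({S,P}) as an assumption (the page names no hash function), and the names `enroll`, `verify`, the in-memory `db` and the sample passwords are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; the page does not specify one
SALT_LEN = 16         # assumed salt length in bytes


def _hash(salt: bytes, password: str) -> bytes:
    # Stand-in for H({S,P}): a slow, salted password hash (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(db: dict, user_id: str, password: str) -> None:
    """Set a password. This is the only step that draws randomness."""
    salt = os.urandom(SALT_LEN)  # fresh random salt for each new password
    db[user_id] = (salt, _hash(salt, password))  # salt is stored next to the hash


def verify(db: dict, user_id: str, password: str) -> bool:
    """Authenticate. The stored salt is fetched and reused, not regenerated."""
    record = db.get(user_id)
    if record is None:
        # Unknown user: do the same work so timing does not reveal that.
        _hash(b"\x00" * SALT_LEN, password)
        return False
    salt, stored = record
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(stored, _hash(salt, password))


def demo() -> dict:
    # Constructed sample data: two users who picked the same password.
    db = {}
    enroll(db, "alice", "correct horse")
    enroll(db, "bob", "correct horse")
    return db


if __name__ == "__main__":
    db = demo()
    print("salts differ: ", db["alice"][0] != db["bob"][0])
    print("hashes differ:", db["alice"][1] != db["bob"][1])
    print("login ok:     ", verify(db, "alice", "correct horse"))
    print("wrong pw ok:  ", verify(db, "alice", "battery staple"))
```

Because each password gets its own random salt, the two identical passwords produce different stored hashes, while each user's logins keep verifying against the same stored salt.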