🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Hash with Predictable Salt

In cryptography, salt refers to some random addition of data to an input before hashing. Without unique hashing salts adversaries can pre-compute the hash value using dictionary attack techniques such as rainbow tables.

Remediation

Use an adaptive hash function that can be configured to change the amount of computational effort needed to compute the hash, such as the number of iterations ("stretching") or the amount of memory required (e.g. bcrypt).

Metadata

  • Severity: low
  • Slug: hash-with-predictable-salt

CWEs

  • 759: Use of a One-Way Hash without a Salt
  • 1240: Use of a Cryptographic Primitive with a Risky Implementation
  • 760: Use of a One-Way Hash with a Predictable Salt

OWASP

  • A9:2017: Using Components with Known Vulnerabilities

Available Labs

Open Javascript labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.