Static vs. Dynamic Credential Salting Explained | by Dennis Chow

January 26, 2016


Many applications, operating systems, and other authentication mechanisms that take in credentials utilize a known defense against cyber-attackers known as "salting." For the non-IT or InfoSec professionals, whenever you create an account for any service, you more than likely created a password. Even though this is a known defense, it's got different methods of implementation. The problem is, depending on this method of implementation, modern computing power makes it still a very low barrier to entry in "cracking" your passwords if the service you're using is ever compromised. After a debate with another Information Security colleague and with a developer asking me what would be a "better practice" of implementing credential salts, I've decided to make this article and demonstration.


Many developers of applications and systems have taken your password that you have entered and sent it through a mathematical function that turns your password into an encoded output. The idea is that even though it's easy to turn your password into this new output, it's theoretically impossible to reverse the output to your original password. Commonly known hash types include, but are not limited to, MD5 and SHA-1. How these functions work are beyond the scope of this article. Just know whatever password entered, such as "foobar", is sent through something like MD5 and then it spits out something that looks like this: "3858f62230ac3c915f300c664312c63f" This is the result of you using the password "foobar" and the MD5 one-way hashing function.


Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.