Please explain how, with the same input password, we get different keys at the output?

I understand the basic crypto primitives (symmetric/asymmetric encryption, block/stream ciphers, hashing, MAC/HMAC), but not KDFs :(

For example, bcrypt. How does it do it? OK, as far as I can understand, we just mix in the salt and get different values, but how does it then validate that this password is valid for this key, if the salt was random?

  • In my case, the salt is known and stored along with the encrypted data. - coder675
  • @coder675 but then the point of the salt disappears - kostik21730
  • It does not disappear. The point of salt is that you cannot tell from two keys that they were made from one password. - Alexey Ten
  • @alexey This concerned the previous comment. Salt is meaningless if it is stored in a hash. Actually this is the question: if the salt is different each time and is unknown, how can we check that the password matches? - kostik21730
  • Salt is (almost) always stored with the hash, and it is not meaningless. For example php.net/manual/ru/function.password-hash.php - Alexey Ten

1 answer

Salt protects against several types of attack at the same time:

  • Dictionary attack. If an attacker has generated several billion passwords and hashes, he can check in linear time whether a specific hash is in the dictionary and which password is behind it. With salt, such a table is useless, or a separate table has to be generated for each possible salt (which is a pointless exercise when the salt has a proper length).
  • Rainbow tables. A more advanced version of the dictionary, which takes less memory.
  • Protects weak passwords. Even if hundreds of users set the password "qwerty", the attacker sees different hashes in the database, and he needs to work with each user separately to crack passwords.

As you can see, even if the salt is known to the attacker, this creates a very serious inconvenience.
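
How verification works when the salt is random, as an added example that is not part of the original answer: the salt is generated once at hashing time and stored in the record next to the derived key, so the verifier reads it back and repeats the derivation (bcrypt's output string embeds its cost and salt in the same way). The code uses PBKDF2-HMAC-SHA256 from Python's standard library instead of bcrypt; the `scheme$iterations$salt$key` record layout, the function names and the iteration count are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000       # illustrative work factor, written into each record
MAX_ITERATIONS = 5_000_000  # refuse absurd costs read from an untrusted record
SALT_LEN = 16


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def hash_password(password: str) -> str:
    """Return a self-describing record: scheme$iterations$salt$key (assumed layout)."""
    salt = os.urandom(SALT_LEN)  # fresh random salt on every call
    key = _derive(password, salt, ITERATIONS)
    return "$".join([
        "pbkdf2-sha256",
        str(ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(key).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key with the salt and cost stored in the record."""
    try:
        scheme, iterations_s, salt_b64, key_b64 = record.split("$")
        iterations = int(iterations_s)
        if scheme != "pbkdf2-sha256" or not 1 <= iterations <= MAX_ITERATIONS:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(key_b64, validate=True)
    except ValueError:  # wrong field count, bad integer, bad base64
        return False
    candidate = _derive(password, salt, iterations)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


if __name__ == "__main__":
    first = hash_password("qwerty")    # constructed sample password
    second = hash_password("qwerty")
    print(first)
    print(second)                      # same password, different salt and key
    print(verify_password("qwerty", first), verify_password("qwerty", second))
    print(verify_password("qwerty1", first))
```

The two records differ because their salts differ, yet each one verifies, since the salt needed to repeat the derivation travels inside the record itself.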