Salting a public hash

Posted by Sathvik on Programmers See other posts from Programmers or by Sathvik
Published on 2011-11-19T19:29:19Z Indexed on 2011/11/20 2:15 UTC
Read the original article Hit count: 261

Filed under:

best-practices

|

hashing

Does it make any sense at all to salt a hash which might be available publicly?

It doesn't really make sense to me, but does anyone actually do that?

UPDATE - Some more info:

An acquaintance of mine has a common salted-hash function which he uses throughout his code. So I was wondering if it made any sense at-all, to do so.

Here's the function he used:

hashlib.sha256(string+SALT).hexdigest()

Update2:

Sorry if it wasn't clear. By available publicly I meant, that it is rendered in the HTML of the project (for linking, etc) & can thus be easily read by a third party.

The project is a python based web-app which involves user-created pages which are tracked using their hashes like myproject.com/hash so thus revealing the hash publicly. So my question is, whether in any circumstances would any sane programmer salt such a hash?

Question: Using hashlib.sha256(string+SALT).hexdigest() vs hashlib.sha256(string).hexdigest() , when the hash isn't a secret.

© Programmers or respective owner

Related posts about best-practices

Batch Best Practices and Technical Best Practices Updated

as seen on Oracle Blogs - Search for 'Oracle Blogs'
The Batch Best Practices for Oracle Utilities Application Framework based products (Doc Id: 836362.1) and Technical Best Practices for Oracle Utilities Application Framework Based Products (Doc Id: 560367.1) have been updated with updated and new advice for the various versions of the Oracle… >>> More
Partial template specialization of free functions - best practices

as seen on Stack Overflow - Search for 'Stack Overflow'
As most C++ programmers should know, partial template specialization of free functions is disallowed. For example, the following is illegal C++: template <class T, int N> T mul(const T& x) { return x * N; } template <class T> T mul<T, 0>(const T& x) { return T(0); } //… >>> More
Object Oriented PHP Best Practices

as seen on Stack Overflow - Search for 'Stack Overflow'
Say I have a class which represents a person, a variable within that class would be $name. Previously, In my scripts I would create an instance of the object then set the name by just using: $object->name = "x"; However, I was told this was not best practice? That I should have a function set_name()… >>> More
Good place to look for example Database Designs - Best practices

as seen on Stack Overflow - Search for 'Stack Overflow'
I have been given the task to design a database to store a lot of information for our company. Because the task is rather big and contains multiple modules where users should be able to do stuff, I'm worried about designing a good data model for this. I just don't want to end up with a badly designed… >>> More
Notification Email Best Practices--From Server Setup to Programming

as seen on Stack Overflow - Search for 'Stack Overflow'
All, I'm in the process now of building a SaaS tool that allows network admins to generate notification emails to the members of the end-users of our platform (among many many other things). I'm running into a bit of an "out of my expertise" wall, as I know there are a lot of variables involved… >>> More

Related posts about hashing

Is hashing of just "username + password" as safe as salted hashing

as seen on Programmers - Search for 'Programmers'
I want to hash "user + password". EDIT: prehashing "user" would be an improvement, so my question is also for hashing "hash(user) + password". If cross-site same user is a problem then the hashing changed to hashing "hash(serviceName + user) + password" From what I read about salted hash, using… >>> More
Index Hashing vs Normal Hashing

as seen on Stack Overflow - Search for 'Stack Overflow'
What is index hashing ? What are its advantages over regular hashing techniques ? >>> More
Secure hash and salt for PHP passwords

as seen on Stack Overflow - Search for 'Stack Overflow'
It is currently said that MD5 is partially unsafe. Taking this into consideration, I'd like to know which mechanism to use for password protection. Is “double hashing” a password less secure than just hashing it once? Suggests that hashing multiple times may be a good idea. How to implement password… >>> More
SHA512 vs. Blowfish and Bcrypt

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm looking at hashing algorithms, but couldn't find an answer. Bcrypt uses Blowfish Blowfish is better than MD5 Q: but is Blowfish better than SHA512? Thanks.. Update: I want to clarify that I understand the difference between hashing and encryption. What prompted me to ask the question… >>> More
Do encryption algorithms require an internal hashing algorithm?

as seen on Stack Overflow - Search for 'Stack Overflow'
When I use C# to implement the AES symmetric encryption cipher, I noticed: PasswordDeriveBytes derivedPassword = new PasswordDeriveBytes(password, saltBytesArray, hashAlgorithmName, numPasswordIterations); Why do I need to use a hashing algorithm for AES encryption? Aren't they separate? Or is… >>> More