
A salt is most typically encountered with cryptographic hash functions, not encryption functions.

The idea is that rather than hashing just your data (e.g. a password), you hash data+salt, where salt is typically a randomly-generated string. Salts have (at least) two purposes: to stop an attacker who has access to the hashed data from identifying a collision using a rainbow table, and to slow down an attacker who is trying a brute-force attack.

A salt is a random number that is needed to access the encrypted data, along with the password. If an attacker does not know the password and is trying to guess it with a brute-force attack, then every password he tries has to be tried with each salt value. So a one-bit salt (0 or 1) makes the encryption twice as hard to break in this way; a two-bit salt makes it four times as hard, a three-bit salt eight times as hard, and so on. You can imagine how difficult it is to crack passwords with encryption that uses a 32-bit salt!

Salts are stored separately from passwords. That way, even if an attacker steals the password database, it is almost useless to him (if the salt has a lot of bits).

A cryptographic hash function is a hash function; that is, an algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that any (accidental or intentional) change to the data will (with very high probability) change the hash value. The data to be encoded are often called the "message," and the hash value is sometimes called the message digest or simply the digest.

Cryptographic hash functions have many information security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. They can also be used as ordinary hash functions: to index data in hash tables, for fingerprinting, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption. Indeed, in information security contexts, cryptographic hash values are sometimes called (digital) fingerprints, checksums, or just hash values, even though all these terms stand for functions with rather different properties and purposes.
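The salted hashing described above, as an added example that is not part of the original text: it hashes data+salt, shows why the same password stored under two different salts defeats a precomputed rainbow table, and computes the factor by which a salt of a given bit length multiplies brute-force work. SHA-256 and a 16-byte random salt are assumptions; the text names neither a hash function nor a salt size.

```python
import hashlib
import hmac
import os


def salted_hash(password: bytes, salt: bytes) -> bytes:
    """Hash data+salt: the salt is appended to the password before hashing.

    SHA-256 is an assumption (the text does not name a hash function).
    Production systems use a deliberately slow password hash such as
    bcrypt, scrypt or Argon2 rather than a bare fast hash like this one.
    """
    return hashlib.sha256(password + salt).digest()


def make_record(password: bytes, salt_bytes: int = 16) -> tuple:
    """Generate a fresh random salt and return (salt, digest) for storage."""
    salt = os.urandom(salt_bytes)
    return salt, salted_hash(password, salt)


def verify(password: bytes, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute the salted hash and compare it in constant time."""
    return hmac.compare_digest(salted_hash(password, salt), stored_digest)


def brute_force_multiplier(salt_bits: int) -> int:
    """Factor by which a salt of the given bit length multiplies the work of a
    brute-force attack that must try every password against every salt value:
    1 bit -> 2, 2 bits -> 4, 3 bits -> 8, ..., i.e. 2 ** salt_bits."""
    return 2 ** salt_bits


def same_password_different_digests(password: bytes) -> bool:
    """Why a rainbow table fails: two users with the same password but
    different salts end up with two different stored digests, so one
    precomputed table of unsalted hashes matches neither of them."""
    salt_a, digest_a = make_record(password)
    salt_b, digest_b = make_record(password)
    return salt_a != salt_b and digest_a != digest_b


if __name__ == "__main__":
    salt, digest = make_record(b"correct horse")  # constructed sample password
    print("verify ok:", verify(b"correct horse", salt, digest))
    print("32-bit salt multiplier:", brute_force_multiplier(32))
```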
