In cryptography, a pepper is a secret added to an input such as a password prior to being hashed with a cryptographic hash function. A pepper performs a similar role to a salt, but while a salt is stored alongside the hashed output, a pepper is not. A pepper usually meets one of two criteria:
- The pepper is at least as long as the salt and is stored separately from the value to be hashed, often as an application secret.
- The pepper is small and randomly generated for each input to be hashed, and is never stored. To verify whether an input matches, the application iterates through the full set of possible values for the pepper (to avoid timing attacks), testing each resulting hash in turn[dubious ]
A pepper adds security to a database of hashes because it increases the number of secret values that must be recovered (whether by brute force or discovery) to recover the inputs.
Here is an incomplete example of using a constant pepper when storing passwords. This first table has two username and password combinations.
The password is not stored, and the 8-byte (64-bit) pepper 44534C70C6883DE2 is stored in a secure location separate to the hashed values.
|Username||String to be Hashed||Hashed Value = SHA256(Password + Pepper)|
In contrast to a salt, a pepper does not on its own protect against identifying users who have the same password, but it does protect against dictionary attacks unless the attacker has the pepper value. As a pepper will not be shared between applications, an attacker will be unable to directly match hashes from one leaked database to another.
A complete password storage scheme would typically include a salt and pepper.
- "Catena: A Memory-Consuming Password-Scrambling Framework". citeseerx.ist.psu.edu. Retrieved 2016-12-09.
This article "Pepper (cryptography)" is from Wikipedia. The list of its authors can be seen in its historical. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.