This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)(Learn how and when to remove this template message)
In cryptography, a pepper is a secret added to an input such as a password prior to being hashed with a cryptographic hash function. A pepper performs a similar role to a salt, but while a salt is stored alongside the hashed output, a pepper is not. A pepper usually meets one of two criteria:
- The pepper is at least as long as the salt and is stored separately from the value to be hashed, often as an application secret.
- The pepper is small and randomly generated for each input to be hashed, and is never stored. To verify whether an input matches, the application iterates through the full set of possible values for the pepper (to avoid timing attacks), testing each resulting hash in turn[dubious ]
A pepper adds security to a database of hashes because it increases the number of secret values that must be recovered (whether by brute force or discovery) to recover the inputs.
Here is an incomplete example of using a constant pepper when storing passwords. This first table has two username and password combinations.
The password is not stored, and the 8-byte (64-bit) pepper 44534C70C6883DE2 is stored in a secure location separate to the hashed values.
|Username||String to be Hashed||Hashed Value = SHA256(Password + Pepper)|
In contrast to a salt, a pepper does not on its own protect against identifying users who have the same password, but it does protect against dictionary attacks unless the attacker has the pepper value. As a pepper will not be shared between applications, an attacker will be unable to directly match hashes from one leaked database to another.
- "Catena: A Memory-Consuming Password-Scrambling Framework". citeseerx.ist.psu.edu. Retrieved 2016-12-09.