Understanding Bcrypt Salts

Understand how bcrypt salts work, why they are embedded in the hash output, and how they prevent rainbow table attacks. Learn the difference between bcrypt salts and general-purpose salts.

Bcrypt Basics

Detailed Explanation

Understanding Bcrypt Salts

A salt is a random value mixed into the hashing process so that identical passwords produce different hashes. Bcrypt handles salting automatically — the salt is generated, used during hashing, and embedded in the output string, so you never need to store or manage it separately.

Why Salts Matter

Without salts, an attacker who obtains a database of hashed passwords can use a rainbow table — a precomputed mapping of passwords to hashes — to look up matches instantly. Salts defeat this attack because each hash is unique even for the same password:

Password: "hunter2"
Hash 1: $2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
Hash 2: $2b$10$ZC4aqkEFhDhGWCrAkvxPjuK7FvYmx.9aHnE5Gcqvr6VjXzRPmHqWe

Same password, completely different hashes — because different salts were used.

Bcrypt Salt Structure

A bcrypt salt is 16 bytes (128 bits) of cryptographically secure random data, encoded using bcrypt’s custom Base64 alphabet into 22 characters. The salt appears directly in the hash string:

$2b$10$N9qo8uLOickgx2ZMRZoMye...
       ^^^^^^^^^^^^^^^^^^^^^^
       22-character encoded salt

Automatic Salt Management

Unlike SHA-256 or MD5, where you must generate, store, and retrieve salts yourself, bcrypt embeds the salt in the output. When verifying a password, the library extracts the salt from the stored hash and uses it to recompute the hash for comparison. This design eliminates an entire class of implementation mistakes:

  • No separate salt column needed in your database
  • No risk of losing or mismatching salts
  • No need to decide on salt length or generation method

Salt Uniqueness

Every call to bcrypt.hash() generates a new random salt, even for the same password. This means:

  • Two users with the password "password123" will have completely different hashes
  • Re-hashing the same password produces a different output each time
  • An attacker must brute-force each hash independently

Cryptographic Randomness

Bcrypt salts must come from a cryptographically secure random number generator (CSPRNG). Using predictable or sequential values as salts would weaken the protection. All reputable bcrypt libraries use the operating system’s CSPRNG automatically.

Use Case

Understanding bcrypt salts is critical when designing authentication systems, migrating from unsalted hash schemes (like plain MD5), or debugging why the same password produces different hashes each time. It is also essential knowledge for security audits where reviewers need to verify that salt generation is truly random and that salts are not being reused across accounts.
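The salt layout described under "Bcrypt Salt Structure" and the audit check mentioned above can both be exercised without a bcrypt library, because the salt is plain text inside the hash string. The following is an added example (not code from this page or from any bcrypt library): it parses the `$version$cost$salt+digest` layout, decodes the 22-character salt into its 16 raw bytes using bcrypt's own Base64 alphabet, and flags any salt that appears in more than one stored hash. The two hash strings are the ones shown on this page; all function names are this example's own.

```python
import re
from collections import Counter

# bcrypt's own Base64 alphabet: "./" first, then A-Z, a-z, 0-9 (not RFC 4648)
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# $<version>$<cost>$<22-char salt><31-char digest>: 60 characters in total
BCRYPT_RE = re.compile(r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

# The two hashes shown on this page for the password "hunter2"
HASH_1 = "$2b$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy"
HASH_2 = "$2b$10$ZC4aqkEFhDhGWCrAkvxPjuK7FvYmx.9aHnE5Gcqvr6VjXzRPmHqWe"


def parse_bcrypt(hash_str):
    """Split a bcrypt string into version, cost, encoded salt and digest."""
    m = BCRYPT_RE.match(hash_str)
    if m is None:
        raise ValueError("not a well-formed bcrypt hash")
    version, cost, salt, digest = m.groups()
    return {"version": version, "cost": int(cost), "salt": salt, "digest": digest}


def decode_salt(salt22):
    """22 bcrypt-Base64 chars -> the 16 raw salt bytes. 22 * 6 = 132 bits are
    encoded but only 128 carry data; the low 4 bits of the last char are padding."""
    bits = 0
    for ch in salt22:
        bits = (bits << 6) | BCRYPT_B64.index(ch)
    return (bits >> 4).to_bytes(16, "big")


def encode_salt(raw16):
    """16 raw bytes -> the 22-character form that is embedded in the hash string."""
    if len(raw16) != 16:
        raise ValueError("bcrypt salts are exactly 16 bytes")
    bits = int.from_bytes(raw16, "big") << 4  # append the 4 padding bits
    return "".join(BCRYPT_B64[(bits >> (6 * (21 - i))) & 0x3F] for i in range(22))


def find_reused_salts(hashes):
    """Audit helper: salts that appear in more than one stored hash (should be none)."""
    counts = Counter(parse_bcrypt(h)["salt"] for h in hashes)
    return sorted(salt for salt, n in counts.items() if n > 1)


if __name__ == "__main__":
    for h in (HASH_1, HASH_2):
        print(parse_bcrypt(h)["salt"], decode_salt(parse_bcrypt(h)["salt"]).hex())
    print("reused salts:", find_reused_salts([HASH_1, HASH_2]))
```

Running `find_reused_salts` over an exported password column is a quick way to confirm the "salts are not reused across accounts" property during a review; any non-empty result points at a library that was seeded with a fixed salt.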
