Luna. It’ll generate a hash for you. That hash will be 818468ddb460c3bd842a28f371bca99e. That looks like we turned personal information (a name) into a jumble of random letters and numbers, right?
But now copy 818468ddb460c3bd842a28f371bca99e and paste it into crackstation.net. You’ll see that it knows it’s an “md5 hash” and gives you the result of Luna. In other words, it cracked the hash, which shows that simply hashing data like this isn’t great at protecting it from privacy abuses.
This is where salts come into play. As we said, salts add random data to the input before it’s hashed, making it near-impossible to crack later. For example, let’s say our salt is fathom-rocks:, so we’d add it to our input, making it fathom-rocks:Luna.
Now, go ahead and type fathom-rocks:Luna into md5hashgenerator.com and hash it. You’ll receive a hash of daa506e9f40dda55a14c641d660c5cbe. Now, paste that string into the hash cracker at crackstation.net. This time, it’ll show you a “not found” result, meaning it cannot crack the hash (and also meaning that data of fathom-rocks:Luna is safe and secure).
Because there’s not enough computing power to practically try every possible salt value (fathom-rocks could be anything), a brute-force attack on the hashed data is damn near impossible.
Most companies, if they are salting and hashing data for their customers, use a single non-changing salt or a salt per user account. But Fathom goes much, much further with data protection and creates a unique salt at the site level (i.e. one unique salt per site visited), and we change that salt every 24 hours. So, even if someone were to find out the salt we used for a single site and tried to crack our database, they’d only have 24 hours’ worth of data to crack because the salt would change. And they’d only have data for a single site because the salt is different for every site: without having ALL the salts for ALL the sites using Fathom, they couldn’t see how a person visited many sites across the web, which is what some analytics software does.
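The per-site, per-day salting described above, as an added example (not Fathom's code): it checks an unsalted and a salted hash of the same input against a small constructed lookup table, then compares the hashes one visitor produces on two sites and on two days. The SaltStore class, the site names and the dates are hypothetical, and MD5 is used only because the walkthrough uses it.

```python
import hashlib
import secrets

def md5_hex(text):
    # MD5 only because the walkthrough uses it; the salting logic is hash-agnostic.
    return hashlib.md5(text.encode("utf-8")).hexdigest()

# Constructed stand-in for a public lookup table: unsalted hashes of common inputs.
COMMON_INPUTS = ["Luna", "Bella", "Max", "Charlie"]
LOOKUP_TABLE = {md5_hex(word): word for word in COMMON_INPUTS}

class SaltStore:
    """Hypothetical store holding one random salt per (site, day)."""
    def __init__(self):
        self._salts = {}

    def salt_for(self, site, day):
        # A new site or a new day gets a fresh 128-bit random salt.
        return self._salts.setdefault((site, day), secrets.token_hex(16))

def visitor_hash(store, site, day, visitor):
    # Same "salt:input" layout as the fathom-rocks:Luna example.
    return md5_hex(f"{store.salt_for(site, day)}:{visitor}")

def demo():
    store = SaltStore()
    day1, day2 = "2024-01-01", "2024-01-02"  # constructed dates
    base = visitor_hash(store, "site-a.example", day1, "Luna")
    return {
        # The unsalted hash is in the table; the salted one is not.
        "unsalted_lookup": LOOKUP_TABLE.get(md5_hex("Luna")),
        "salted_lookup": LOOKUP_TABLE.get(base),
        # Same site, same day: the visitor still maps to one stable hash.
        "repeat_visit_matches": base == visitor_hash(store, "site-a.example", day1, "Luna"),
        # Another site or the next day: the hashes cannot be linked.
        "other_site_matches": base == visitor_hash(store, "site-b.example", day1, "Luna"),
        "next_day_matches": base == visitor_hash(store, "site-a.example", day2, "Luna"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The lookup miss depends on the salt being random and unknown to whoever holds the table, which is why the store draws each salt from `secrets` rather than using a fixed string.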
So as you can see from the above, salts are now used, so hackers can’t crack hashes without trillions of dollars available to them.