hash salt

e.g. hash(“hello”) will generate hash value ‘2cf24dba5’, two same plain text have same hash values.

In order to create different hash values despite same original string as well as making hacker harder to steal password, we can randomize the hash by appending or prepending a random string, call a salt, to the password before hashing, for example, hash(“hello”+”abc123”), here abc123 is the salt.

In practice, the salt is stored in DB as a separate column or as part of the hash string itself.

The salt does not need to be secret.

For more details, please refer to this

hash collision

It means two different source string have same hash value.

How to solve

number of hash iteration

For instance, if hash iteration is 2, then it represents hash(hash(“hello”)), that is has twice.