I am definitely not an expert, but the really short answer is that "salting" a line of text means to stick a few extra characters on the end of it. You could salt "salt" with "abcdefg" to get "saltabcdefg". This might be useful if "salt" happens to be a password that you'd like to make more difficult to guess.

我绝对不是专家，但真正简短的回答是“加盐”一行文本意味着在它的末尾添加一些额外的字符。你可以用“abcdefg”加盐“salt”以获得“saltabcdefg”。如果“salt”恰好是您想让它更难猜测的密码，这可能会很有用。

Typically, the password+salt are transformed ('hashed') by some difficult-to-reverse process into a completely different string. This transformed string is then stored as the password, together with the plaintext of the salt, and the original plain text of the password proper is tossed away. When you want to check that someone has input the correct password, you combine whatever they've typed in with the salt that's listed in the password file and then hash the result. If the result matches the password hash you have on record, then you know that they've put in the right password.

通常，密码+盐通过一些难以逆转的过程被转换（“散列”）成一个完全不同的字符串。然后将这个转换后的字符串与盐的明文一起存储为密码，而密码的原始明文将被丢弃。当您想检查某人是否输入了正确的密码时，您可以将他们输入的任何内容与密码文件中列出的盐组合起来，然后对结果进行哈希处理。如果结果与您记录的密码哈希匹配，那么您就知道他们输入了正确的密码。

Implementing a salt can be as easy as picking a string to serve as the salt and then making sure you keep track of it. But, you could vary the salt with each password, and then you'll have to have a way of keeping track of password+salt combinations as well as generating the variations. Of course, you'll probably also want to hash the password rather than saving the password's plain text, and so you'll have to pick a hash function. At this point, the problem has proceeded from salting proper to implementing a password security scheme.

实现盐就像选择一根绳子作为盐一样简单，然后确保你跟踪它。但是，您可以使用每个密码更改盐，然后您必须有一种方法来跟踪密码+盐组合以及生成变体。当然，您可能还想对密码进行散列而不是保存密码的纯文本，因此您必须选择一个散列函数。在这一点上，问题已经从适当的加盐到实施密码安全方案。

For PHP, you might want to look at how some of the frameworks have implemented this. Two quick links, for CakePHP and Zend, respectively:

对于 PHP，您可能想了解一些框架是如何实现这一点的。两个快速链接，分别用于 CakePHP 和 Zend：

http://www.jotlab.com/2010/04/18/cakephp-rainbow-table-protection-behaviour/

http://www.jotlab.com/2010/04/18/cakephp-rainbow-table-protection-behaviour/

http://www.zimuel.it/blog/2009/07/build-a-secure-login-with-zend-framework/

http://www.zimuel.it/blog/2009/07/build-a-secure-login-with-zend-framework/

When I first asked this question, many years ago, I was asked in response, "What does salt do for food?" The answer is that it adds variety to food. The idea behind cryptographic salt is that it's something you add to the end or beginning of a string in order that two passwords that are identical don't hash to the same cryptographic value.

多年前，当我第一次问这个问题时，有人问我：“盐对食物有什么作用？” 答案是它增加了食物的多样性。加密盐背后的想法是，它是您添加到字符串末尾或开头的东西，以便两个相同的密码不会散列到相同的加密值。

Consider this - if I had a password that was really common, like 'hello123', and then it hashed to the exact same cryptographic hash as all other 'hello123' passwords, couldn't I just look in the list of hashed passwords to see who else had the same cryptographic hash, and use my password on their account?

考虑一下 - 如果我有一个非常常见的密码，比如“hello123”，然后它散列到与所有其他“hello123”密码完全相同的加密散列，我不能只查看散列密码列表来查看还有谁拥有相同的加密哈希，并在他们的帐户上使用我的密码？

A salt is a (short) string that is added to the string you want to encrypt or hash. An Example:

盐是添加到要加密或散列的字符串的（短）字符串。一个例子：

<?php
 $password = 'abcdefg';
 $salt = 'anythingyouwant_';
 $pw_hash = md5($salt.$password);
?>

This adds security to the hash, as it's unlikely that "anythingyouwant_abcdefg" is already stored in a hash-database ( http://en.wikipedia.org/wiki/Rainbow_tables)

这增加了哈希的安全性，因为“anythingyouwant_abcdefg”不太可能已经存储在哈希数据库中（http://en.wikipedia.org/wiki/Rainbow_tables）

Well its in the comments, thanks ceejayoz

好吧，在评论中，谢谢ceejayoz

http://en.wikipedia.org/wiki/Salt_(cryptography)

http://en.wikipedia.org/wiki/Salt_(密码学)

A salt is something you add to a string before you hash it, it adds another layer of security to passwords and the like.

盐是您在散列字符串之前添加到字符串的东西，它为密码等增加了另一层安全性。

For some reason. Salts are usually hard for people new to cryptography to grasp. Once it clicks though, the concept is extremely simple. Have a look at this article. I think it explains the concept better than most.

因为某些原因。对于不熟悉密码学的人来说，盐通常很难掌握。一旦点击，这个概念就非常简单。看看这篇文章。我认为它比大多数人更好地解释了这个概念。

http://cryptodox.com/Salt_%28cryptography%29

http://cryptodox.com/Salt_%28cryptography%29

Let us spice up things a little by combining several algorithms for hashing, making a double hashing algorithm:

让我们通过组合几种散列算法来增加一些趣味，制作一个双散列算法：

$password = "myPassword";
$salt = sha1(md5($password)).'k32duem01vZsQ2lB8g0s'; 
$password = md5($password.$salt);

As you can see, we first hashed the password using double hashing algorithm (md5 and sha1) and concatenating with a key created salt value. After that, we combined real password with generated salt value and hashed it again with md5. The advantage is that this way alt value is random and it changes, making it nearly impossible to break. I mean, if you can wait for a million years and have a super computer on your hands, try to break it.

如您所见，我们首先使用双散列算法（md5 和 sha1）对密码进行散列，并与密钥创建的盐值连接。之后，我们将真实密码与生成的盐值结合起来，并用 md5 再次散列。优点是这种方式的 alt 值是随机的，并且会发生变化，因此几乎不可能被破解。我的意思是，如果你能等一百万年，手上有一台超级计算机，试着打破它。