A salt is a value that is added to a password (or other secret) which you want to hash one way. This means it could be before, after, or somewhere inside the password, as long as its position and value is consistent for a given supplied password.

盐是添加到您想要以一种方式散列的密码（或其他秘密）的值。这意味着它可以在密码之前、之后或内部的某个位置，只要它的位置和值对于给定的提供的密码是一致的。

What this does is it mitigates dictionary attacks - basically dictionaries of common passwords pre-hashed with no salt - from being used to "guess" a one way password as long as the attacker does not know the hash. If every password has a different hash then it makes it very difficult for an attacker to create a dictionary optimized for cracking your passwords (they would need a dictionary for each separate salt and they would also need to know where the salt was placed in each password).

这样做的作用是减轻字典攻击——基本上是不加盐预先散列的常用密码字典——只要攻击者不知道散列，就可以用来“猜测”单向密码。如果每个密码都有不同的哈希值，那么攻击者就很难创建一个为破解密码而优化的字典（他们需要为每个单独的盐创建一个字典，他们还需要知道盐在每个密码中的位置） ）。

Of course for all of this to be applicable an attacker must have the hashes of your passwords in the first place. This has nothing to do with attacking passwords by guessing them through some input prompt.

当然，要使所有这些都适用，攻击者首先必须拥有您密码的哈希值。这与通过某些输入提示猜测密码来攻击密码无关。

Regarding MySQL specifically if you provide a salt when hashing a password, make sure you record what that salt was somewhere. Then when a user attempts authentication you combine that recorded salt value with the password (during the call to cryptfor example) and if the resulting hash matches then they have entered the correct password. (Note that at no time is the hashing of a password reversed; thus one way.)

特别是关于 MySQL，如果您在对密码进行哈希处理时提供了盐，请确保您在某处记录了该盐是什么。然后，当用户尝试进行身份验证时，您将记录的盐值与密码（crypt例如在调用过程中）结合起来，如果结果哈希匹配，则他们输入了正确的密码。（请注意，密码的散列在任何时候都不会反转；因此是一种方式。）

salt is nothing but an string you attach to the password, either as a constant or through a algorithm

salt 只不过是一个附加到密码的字符串，作为常量或通过算法

which makes it harder for anyone who breached your security and gain access to your stored password, which in return makes in next to impossible for him to use rainbow dictionaries to unlock what the real password is, which in a hacker point of view can be usefull since alot of people use the same password in alot of diffrent sites

这使得任何破坏您的安全并获得您存储密码的人都更难，这反过来又使他几乎不可能使用彩虹词典来解锁真正的密码，这在黑客的角度来看可能很有用因为很多人在很多不同的网站上使用相同的密码

$salt = "this is a salt";
$password = 'this is an password';
$hash = sha1($salt.$password);

That's how you basically could salt a password

这就是你基本上可以为密码加盐的方式

A salt is appended to the plaintext (or vice versa) before hashing in order to make dictionary lookups more expensive.

在散列之前，将盐附加到明文（反之亦然），以使字典查找更加昂贵。