rspec/rules/S2053/description.adoc

In cryptography, a "salt" is an extra piece of data which is included when hashing a password. This makes ``++rainbow-table attacks++`` more difficult. Using a cryptographic hash function without an unpredictable salt increases the likelihood that an attacker could successfully find the hash value in databases of precomputed hashes (called ``++rainbow-tables++``).


This rule raises an issue when a hashing function which has been specifically designed for hashing passwords, such as ``++PBKDF2++``, is used with a non-random, reused or too short salt value. It does not raise an issue on base hashing algorithms such as ``++sha1++`` or ``++md5++`` as they should not be used to hash passwords.
	In cryptography, a "salt" is an extra piece of data which is included when hashing a password. This makes ``++rainbow-table attacks++`` more difficult. Using a cryptographic hash function without an unpredictable salt increases the likelihood that an attacker could successfully find the hash value in databases of precomputed hashes (called ``++rainbow-tables++``).


	This rule raises an issue when a hashing function which has been specifically designed for hashing passwords, such as ``++PBKDF2++``, is used with a non-random, reused or too short salt value. It does not raise an issue on base hashing algorithms such as ``++sha1++`` or ``++md5++`` as they should not be used to hash passwords.