Pepper (cryptography)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 109.92.73.238 (talk) at 18:12, 18 December 2016 (Change all hex values to upper-case, for consistency's sake.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In cryptography, a pepper is a value added to another value (for example, a password) before that value is hashed with a cryptographic hash function. A pepper can be added to a password in addition to a salt. A pepper plays a role similar to a salt's; however, whereas a salt is commonly stored alongside the value being hashed, a value qualifies as a pepper only if it meets one of the following criteria, which make it a more carefully hidden secret than the salt:

  • The pepper is held separately from the value to be hashed.
  • The pepper is randomly generated for each value to be hashed (drawn from a limited set of values) and is never stored. When data is tested against a hashed value for a match, this is done by iterating through the set of values valid for the pepper, and each one in turn is added to the data to be tested (usually by suffixing it to the data) before the cryptographic hash function is run on the combined value.[1]

A pepper adds security to a collection of compromised data because it increases the number of computations needed to determine any one piece of data.

Example Usage

Here is a simplified example of using a pepper value during account creation. This first table lists two username, password, and pepper combinations. The password and pepper are not stored.

Username  Password     Pepper Value (1 byte)
user1     password123  2
user2     password123  D

The pepper value is generated at random and is typically drawn from a limited set of values, because it is not stored; the pepper is 1 byte in this example for simplicity. The pepper value is appended to the password before the combined value is hashed. Only the hashed value is stored.

Username  String to be Hashed  Hashed Value = SHA256(Password + Pepper)
user1     password123+2        D47AC04095F8DD8BB86022D25BCC7927A1340388BE970A5EFB6B0557189E0FA2
user2     password123+D        FAC82EA77E2B5AEFCFD43603EB4FDF9C767CA35582FA93AD5C34F698402A1B5F

When determining whether the account has valid credentials, the program checks whether the password matches the stored hashed value by iterating through all possible pepper values, appending each one in turn to the entered password and hashing the result. Using the example above, here is an illustration of how this process would be completed for user1:

Entered Password  Iterating Pepper Value  Hashed Value (Compare to Stored Hashed Value)
password123       0                       C3FD469E91E2D442E2B943744DBC18524E5E73CE892B981FC1504883510CDB68
password123       1                       15A56BD4DD3C6544077A0FDF63986E3375A758FC21046D623A3163FF7636F1D9
password123       2                       D47AC04095F8DD8BB86022D25BCC7927A1340388BE970A5EFB6B0557189E0FA2

Since the pepper value for user1 is 2, the program stops here: the account has been verified. For user2 the process is very similar, except that the program keeps iterating until it reaches user2's pepper value:

Entered Password  Iterating Pepper Value  Hashed Value (Compare to Stored Hashed Value)
password123       0                       C3FD469E91E2D442E2B943744DBC18524E5E73CE892B981FC1504883510CDB68
password123       1                       15A56BD4DD3C6544077A0FDF63986E3375A758FC21046D623A3163FF7636F1D9
...
password123       D                       FAC82EA77E2B5AEFCFD43603EB4FDF9C767CA35582FA93AD5C34F698402A1B5F

If an attacker attempts to brute-force a password that is stored with a pepper value, the attacker must append every possible pepper value to each guess in order to get full coverage. This multiplies the amount of hashing per guess by the size of the pepper's value set, so the cost grows quickly with the length of the pepper. The idea is to increase the time it would take to brute-force the password while keeping the honest user's time to gain access relatively low.

Example Usage (with Salt)

While this is more secure than hashing the password alone, a pepper is usually used in conjunction with a salt value. Here is an example where both are used:

Username  Password     Pepper Value (1 byte)
user1     password123  2
user2     password123  D

Again, the password and pepper value are not stored; the salt value and the hashed value are stored.

Username  Salt Value        String to be Hashed               Hashed Value = SHA256(Password + Salt + Pepper)
user1     E1F53135E559C253  password123+E1F53135E559C253+2    15BEE8286569A488B520A653BF7B4667089DBE8ECCF8643C5F22F3C580F7208F
user2     84B03D034B409D4E  password123+84B03D034B409D4E+D    FCD58D2C4DB5DAE91128EE184B58FA6E1E83D71BFAABE8EE886E6EAA123777A7
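The account-creation and verification procedure described in both examples above (pepper only, and pepper with salt), as an added Python example that is not part of the Wikipedia article. It assumes plain byte concatenation of password, salt and pepper, a 256-value (1-byte) pepper space, and 8-byte salts; the function names are the example's own.

```python
import hashlib
import hmac
import os
import secrets

# Pepper space: every 1-byte value, matching the article's "1 byte" pepper
# (assumption: the article's tables show only a single hex digit).
PEPPER_SPACE = [bytes([b]) for b in range(256)]
SALT_LEN = 8  # the article's salts are 16 hex characters, i.e. 8 bytes


def hash_with_pepper(password: str, salt: bytes, pepper: bytes) -> bytes:
    """SHA256(Password + Salt + Pepper). Plain byte concatenation is this
    example's assumption; the article does not define how '+' is encoded."""
    return hashlib.sha256(password.encode("utf-8") + salt + pepper).digest()


def create_account(password: str) -> dict:
    """Return the stored record: salt and hash only. The password and the
    randomly chosen pepper are discarded, as the article specifies."""
    salt = os.urandom(SALT_LEN)
    pepper = secrets.choice(PEPPER_SPACE)  # never stored anywhere
    return {"salt": salt, "hash": hash_with_pepper(password, salt, pepper)}


def verify(password: str, record: dict) -> tuple:
    """Append each candidate pepper to the entered password (plus the stored
    salt), hash, and compare. Returns (matched, hashes_computed): on success
    the honest user's cost, on failure the cost of the whole pepper space."""
    hashes = 0
    for pepper in PEPPER_SPACE:
        hashes += 1
        candidate = hash_with_pepper(password, record["salt"], pepper)
        # Constant-time digest comparison; the iteration count itself still
        # depends on the pepper, which is inherent to this scheme.
        if hmac.compare_digest(candidate, record["hash"]):
            return True, hashes
    return False, hashes


def worst_case_hashes_per_guess() -> int:
    """A guesser without the pepper must try every pepper value per guess."""
    return len(PEPPER_SPACE)


if __name__ == "__main__":
    record = create_account("password123")
    print(verify("password123", record))     # (True, n) with 1 <= n <= 256
    print(verify("wrong-password", record))  # (False, 256)
```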

References

  1. "Download Limit Exceeded". citeseerx.ist.psu.edu. Retrieved 2016-12-09.