Salt Hash Generator

A salted hash is a hash value computed by combining a password with a random string called a salt before hashing. The salt is stored alongside the hash and used again when verifying the password.

Salting prevents rainbow table attacks — precomputed hash tables that attackers use to reverse unsalted hashes. With a unique salt per password, even if two users have the same password, their hashes will be different.

Common Salted Hash Formats

• hash:salt — The hash and salt are concatenated with a separator (e.g., 5d41402abc4b2a76b9719d911017c592:abc123)
• salt$hash — Unix-style format used by many Linux authentication systems
• hash(salt|password) — Salt is prepended (less common but equally secure)
• Fixed-width prefix — Salt is prepended to the hash at a fixed position for easy extraction

1. Enter the text to hash (password or any sensitive value).
2. Enter or generate a salt — Click "Generate" for a random 16-character salt, or type your own.
3. Choose the algorithm — MD5, SHA-1, SHA-256, SHA-384, or SHA-512.
4. Choose salt position — Append (password + salt) or Prepend (salt + password).
5. Click "Generate Salted Hash" — The server computes the hash and shows the result.
6. Store the hash and salt together for later verification.

• Use a unique salt per password — Never reuse the same salt for multiple passwords. This tool generates a random 16-character salt automatically.
• Salt should be long enough — A minimum of 16 bytes (characters) is recommended for the salt. Longer salts do not provide additional security.
• Use cryptographically secure random salts — The salt should be generated using a secure random number generator, not a predictable algorithm.
• For production, use bcrypt or Argon2 — These algorithms handle salt generation and storage automatically, and are designed specifically for password hashing. This tool is useful for education, legacy systems, and custom authentication schemes.