[5] Salting is broadly used in cybersecurity, from Unix system credentials to Internet security.
While generally discouraged due to lower security, some systems use timestamps or simple counters as a source of salt.
Sometimes, a salt may be generated by combining a random value with additional information, such as a timestamp or user-specific data, to ensure uniqueness across different systems or time periods.
Generation of precomputed tables for databases with unique salts for every password is not viable because of the computational cost of doing so.
[7][8] 16 bytes (128 bits) or more is generally sufficient to provide a large enough space of possible values, minimizing the risk of collisions (i.e., two different passwords ending up with the same salt).
In such installations, the root account on each individual system may be treated as less trusted than the administrators of the centralized password system, so it remains worthwhile to ensure that the security of the password hashing algorithm, including the generation of unique salt values, is adequate.
[citation needed] Another (lesser) benefit of a salt is as follows: two users might choose the same string as their password.
Salting also makes it extremely difficult to determine if a person has used the same password for multiple systems.
It is common for a web application to store in a database the hash value of a user's password.
Without a salt, a successful SQL injection attack may yield easily crackable passwords.
Because many users re-use passwords for multiple sites, the use of a salt is an important component of overall web application security.