CyberGlossary

Cryptography

Salt

Also known as: Cryptographic salt, Password salt

Definition

A unique random value combined with a password before hashing to defeat rainbow tables and ensure each user's hash is distinct.

A cryptographic salt is a non-secret random value mixed with a password before it is fed into a password hash function or KDF such as Argon2, scrypt, bcrypt or PBKDF2. Because each credential gets its own salt, two users with the same password receive different stored hashes, a rainbow table precomputed without the salt matches nothing, and an attacker holding a leaked database can no longer test one guess against every hash at once but must recompute each guess under each salt. A salt does not, however, slow the attack on any single hash; resistance to brute force on a weak password comes from the KDF's work factor (time, memory and parallelism parameters), not from the salt. A salt should be at least 16 bytes, generated from a cryptographically secure RNG, unique per credential (and regenerated whenever the password is rehashed), and stored alongside the hash; it need not be secret. Modern password-hash string formats (the PHC string format, $argon2id$..., $2b$..., $scrypt$...) embed the salt as a field, so verification reads it back from the stored string rather than from a separate column. Salts serve the same diversification purpose elsewhere: HKDF accepts an optional non-secret salt in its extract step, and RSASSA-PSS signatures use a random salt so that signing the same message twice yields different signatures.
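The following is an added example, not code from the glossary or from any library it names. It uses only the Python standard library (hashlib.pbkdf2_hmac, secrets, hmac) to show the full salt lifecycle: generate a fresh 16-byte salt from the OS CSPRNG, store it inside a PHC-style string next to the hash, read it back on verification, and compare in constant time. The second half contrasts an unsalted SHA-256 store, which a precomputed table cracks with one dictionary lookup, against the salted store, where every guess must be re-derived under that record's own salt. The identifier pbkdf2-sha256 and the i= parameter name are this example's own choice of PHC fields, and the wordlist is constructed sample data.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import secrets

SALT_BYTES = 16           # 128-bit salt per credential, from the OS CSPRNG
ITERATIONS = 600_000      # PBKDF2-HMAC-SHA256 work factor; raise as hardware improves
DKLEN = 32                # derived-key length in bytes
IDENT = "pbkdf2-sha256"   # this example's own PHC identifier (assumption, not a registered id)


def _b64(raw: bytes) -> str:
    # PHC strings carry salt and hash as unpadded standard base64
    return base64.b64encode(raw).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.b64decode(text + "=" * (-len(text) % 4))


def hash_password(password: str, *, salt: bytes | None = None,
                  iterations: int = ITERATIONS) -> str:
    """Hash a password under a fresh random salt; return "$pbkdf2-sha256$i=N$<salt>$<hash>".

    The salt is generated here and travels inside the returned string, so the
    caller stores one opaque value.  `salt` is a parameter only so that a known
    vector can be reproduced; production callers leave it as None.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)   # CSPRNG, never random.random()
    if len(salt) < SALT_BYTES:
        raise ValueError("salt must be at least 16 bytes")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             iterations, dklen=DKLEN)
    return f"${IDENT}$i={iterations}${_b64(salt)}${_b64(dk)}"


def parse_phc(stored: str) -> tuple[int, bytes, bytes]:
    """Split the stored string into (iterations, salt, hash); reject other formats."""
    fields = stored.split("$")
    if len(fields) != 5 or fields[0] != "" or fields[1] != IDENT:
        raise ValueError("unrecognised hash format")
    params = dict(p.split("=", 1) for p in fields[2].split(","))
    return int(params["i"]), _unb64(fields[3]), _unb64(fields[4])


def verify_password(password: str, stored: str) -> bool:
    """Recompute under the stored salt and work factor; compare in constant time."""
    iterations, salt, expected = parse_phc(stored)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    iterations, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


# --- why the salt matters: precomputation versus per-hash guessing ------------

def unsalted_sha256(password: str) -> str:
    """The anti-pattern: a bare, unsalted hash of the password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_rainbow_table(wordlist: list[str]) -> dict[str, str]:
    """Precomputed once, reusable against every unsalted hash ever stored."""
    return {unsalted_sha256(w): w for w in wordlist}


def crack_unsalted(table: dict[str, str], stored_hex: str) -> str | None:
    """A single dictionary lookup; no hashing at attack time."""
    return table.get(stored_hex)


def crack_salted(stored: str, wordlist: list[str]) -> tuple[str | None, int]:
    """With a per-credential salt the table is useless: each guess must be
    re-derived under this record's salt.  Returns (match, KDF evaluations)."""
    iterations, salt, expected = parse_phc(stored)
    calls = 0
    for guess in wordlist:
        calls += 1
        dk = hashlib.pbkdf2_hmac("sha256", guess.encode("utf-8"), salt,
                                 iterations, dklen=len(expected))
        if hmac.compare_digest(dk, expected):
            return guess, calls
    return None, calls


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    wordlist = ["123456", "password", "hunter2", "letmein"]
    alice = hash_password("hunter2")
    bob = hash_password("hunter2")
    print(alice)
    print("same password, distinct hashes:", alice != bob)
    print("verify ok:", verify_password("hunter2", alice))
    table = build_rainbow_table(wordlist)
    print("unsalted cracked by lookup:", crack_unsalted(table, unsalted_sha256("hunter2")))
    print("salted needs per-hash work:", crack_salted(alice, wordlist))
```

Note that crack_salted still succeeds against a password that is in the wordlist; the salt only removes the shared precomputation, and the iteration count is what makes each of those per-hash evaluations expensive.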

Examples

  • An Argon2id PHC string such as $argon2id$v=19$m=65536,t=3,p=1$<base64-salt>$<base64-hash>, in which the field before the final hash carries the salt and the memory, iteration and parallelism parameters are stored in the clear alongside it.
  • A unique 16-byte salt drawn from a CSPRNG (for example secrets.token_bytes(16) in Python or crypto/rand in Go) generated per user at account creation and regenerated on every password change.

Related terms