← Concepts
General Security ConceptsSY0-701 · Task 1.4

Salting and key stretching — SY0-701

Master salting and key stretching for CompTIA Security+ SY0-701: what each technique does, when to apply it, and the exam traps candidates fall into.

WHAT IT IS

Salting is the practice of appending or prepending a non-secret value — the salt — to data before it is processed by a cryptographic function. NIST defines a salt as "a non-secret value that is used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an attacker" (CNSSI 4009-2015, via NIST CSRC Glossary).

Key stretching is a technique that deliberately increases the computational effort required to derive a key or verify a credential from a low-entropy input such as a password. It is implemented through a password-based key derivation function (KDF) — a function that takes a key or shared secret, along with other data, and generates keying material in a non-reversible manner (NIST SP 800-152; NIST SP 800-57 Part 1 Rev. 5).

The two techniques are complementary: salting defeats precomputed-table attacks by making each computation unique; key stretching defeats brute-force and offline attacks by making each individual computation expensive.

Mental model

Think of a cryptographic hash function as a postage-franking machine: it stamps any message to a fixed-length seal (FIPS 186-5). The machine is deterministic — the same letter always gets the same stamp — and one-way: you cannot reconstruct the letter from the stamp alone (preimage resistance, FIPS 186-5).

The problem: because the machine is deterministic, an attacker who precomputes stamps for every common password can look up a stolen stamp in a table and instantly recover the password. Identical passwords produce identical stamps, so the table works for every account at once.

Salting gives each letter a unique envelope before franking. Now the stamp encodes "password + this user's unique envelope," so the precomputed table is useless — a new table would have to be built per user.

Key stretching replaces the single-stamp machine with a machine that runs the franking press thousands of times before producing a final result. An attacker trying to brute-force passwords must pay that cost for every guess, dramatically increasing the effort required to overcome the protection (CNSSI 4009-2015: work factor is "the effort or time needed by a potential perpetrator, with specified expertise and resources, to overcome a protective measure").

When to use it

PropertySaltingKey Stretching
Primary threat counteredPrecomputed table attacks (attacker reuses previously computed hash results)Brute-force and offline attacks (attacker analyzes stolen data on their own system)
MechanismUnique non-secret value added to each input before hashingKDF applies the hash function repeatedly, increasing per-guess cost
Effect on storageSalt must be stored alongside the hashOutput length is similar; iteration parameters may also be stored
Protects identical passwords from each other?Yes — different salts produce different outputs even for the same passwordNo — without a salt, two identical passwords still produce the same output
Protects against offline guessing?Partially — forces attacker to redo work per-userYes — multiplies the work factor for every single guess
Used together?Typically yes — modern password KDFs incorporate both

NIST defines an offline attack as one "in which the attacker obtains some data... that the attacker is able to analyze in a system of their own choosing" (NIST SP 800-63-4). Both salting and key stretching are defenses against offline attacks; they address different aspects of the threat.

COMMON MISCONCEPTION

The exam trap: treating salting as a secrecy mechanism.

A salt is explicitly defined as a non-secret value (CNSSI 4009-2015). Its protective value comes not from being hidden, but from being unique per instance — ensuring "that the results of computations for one instance cannot be reused by an attacker" (ibid.). Candidates who believe a salt must be kept secret, or that revealing the salt breaks security, have misunderstood the mechanism.

A related trap is conflating a salt with a nonce. NIST defines a nonce as "a time-varying value that has at most a negligible chance of repeating" used to prevent replay of protocol messages. A salt's purpose is narrower: preventing reuse of precomputed cryptographic results across password instances. The two serve different threat models.

A third misconception is believing that key stretching alone — without salting — is sufficient. Key stretching raises the cost of each guess; salting ensures a precomputed table cannot be reused across accounts. A database of stretched-but-unsalted hashes still allows an attacker to confirm when two users share the same password and to reuse a single successful crack across all matching accounts.

How it shows up on the exam

The cognitive target for this concept is analysis — candidates must identify which mechanism addresses which threat, not merely recall definitions.

Scenario-based questions in this area commonly describe a breach in which a stolen credential database is being attacked offline. Candidates are asked to identify which control was or was not in place based on the described outcome (e.g., identical passwords yielding identical hashes, or an attacker cracking many passwords rapidly).

Signal phrases to watch for:

  • "precomputed tables," "lookup tables," or "rainbow tables" → the concept being tested is salting's role in defeating precomputed-result reuse
  • "offline attack," "analyze on their own system," or "unlimited guesses" → the concept being tested relates to work factor and key stretching
  • "non-secret value" or "random value appended before hashing" → this is describing a salt
  • "password-based key derivation" or "deliberate computational cost" → this is describing key stretching

Candidates often conflate these techniques with encryption. A cryptographic hash function is one-way (preimage resistant per FIPS 186-5); salting and key stretching operate within that one-way paradigm and do not make the output reversible or add a secret key in the symmetric-encryption sense.

Related concepts

Sources

Every claim on this page traces to the public exam blueprint and official documentation:

CutScore is an independent study tool and is not affiliated with, authorized by, endorsed by, or sponsored by Amazon Web Services. “AWS” and “AWS Certified AI Practitioner” are trademarks of Amazon.com, Inc. or its affiliates. All content is independently authored from the public exam blueprint and official documentation — no real exam content is used.

The exam-readiness instrument. Know if you’re ready before you book.

Product
PricingConceptsBlog
Legal
PrivacyTermsRefund policy
Company
Contact
© 2026 The Plain Works Co.AWS and AWS Certified AI Practitioner are trademarks of Amazon.com, Inc. or its affiliates. CutScore is independent and not affiliated with, endorsed by, or sponsored by Amazon Web Services.