In cryptography, a pepper is something that is added to another value (for example a password) before the value is hashed with a cryptographic hash function. A pepper can be added to a password in addition to a salt value. A pepper performs a similar role to a salt; however, whereas a salt is commonly stored alongside the value being hashed, for something to be defined as a pepper it should meet one of the following criteria, which make it a more carefully hidden 'secret' than the salt value:
The pepper value adds security to a collection of compromised data because it increases the number of computations needed to determine any one piece of data.
Example Usage
Here is a simplified example of using a pepper value during account creation. The first table shows two username, password, and pepper combinations; the password and the pepper are not stored.
The pepper value is generated at random and is typically drawn from a limited set of values because it is not stored; the pepper is one byte in this example for simplicity. The pepper is appended to the password before the combined value is hashed, and only the hashed value is stored.
When checking whether the supplied credentials are valid, the program iterates through all possible pepper values, appending each one in turn to the entered password and comparing the resulting hash with the stored value. Using the example above, here is an illustration of this process for user1:
Since the pepper value for user1 is 2, the program stops here; the account has been verified. For user2 the process is very similar, except that the program keeps iterating until it reaches user2's pepper value:
If an attacker attempts to brute-force a password stored with a pepper value, they must append every possible pepper value to each guess in order to get full coverage. This multiplies the number of hash computations per guess, and the factor grows quickly with the length of the pepper (a one-byte pepper, as in the example, already allows 256 possible values). The idea is to increase the time a brute-force attempt would take while keeping the honest user's time to gain access relatively low.
Example Usage (with Salt)
While this is more secure than hashing the password alone, a pepper is usually used in conjunction with a salt value. Here is an example where both are used:
Again, the password and pepper value are not stored, but the salt value and the hashed value are.
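The scheme from both examples above (the unstored one-byte pepper rediscovered by trying every value, and the same scheme with a stored per-user salt) implemented as an added example; this is not code from the article. The hash function, record layout, and the cost-counting helper are assumptions made for the illustration, and SHA-256 stands in for whatever password hash a real deployment would use:

```python
import hashlib
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed example: a 1-byte pepper, as in the article's tables, that is
# never stored. The verifier rediscovers it by trying all 256 values; a
# per-user salt may be stored next to the hash, as in the second example.
PEPPER_BYTES = 1
PEPPER_SPACE = 256 ** PEPPER_BYTES   # number of pepper values a verifier may have to try


def _hash(password: str, pepper: bytes, salt: bytes) -> str:
    # SHA-256 stands in for the deployment's password hash (assumption, for brevity).
    return hashlib.sha256(salt + password.encode("utf-8") + pepper).hexdigest()


def register(password: str, use_salt: bool = False,
             pepper: Optional[bytes] = None, salt: Optional[bytes] = None) -> Dict[str, object]:
    """Build the stored record: the hash, plus the salt if one is used.
    The pepper is random by default; both may be fixed for reproducible tests."""
    if pepper is None:
        pepper = secrets.token_bytes(PEPPER_BYTES)
    if use_salt and salt is None:
        salt = secrets.token_bytes(16)
    salt = salt or b""
    record: Dict[str, object] = {"hash": _hash(password, pepper, salt)}
    if use_salt:
        record["salt"] = salt      # stored in the clear; the pepper is not stored at all
    return record


def verify(password: str, record: Dict[str, object]) -> Tuple[bool, int]:
    """Return (valid, hashes_computed). Appends each candidate pepper in turn
    until one reproduces the stored hash, as the article describes."""
    salt = record.get("salt", b"")
    stored = record["hash"]
    for i in range(PEPPER_SPACE):
        pepper = i.to_bytes(PEPPER_BYTES, "big")
        if secrets.compare_digest(_hash(password, pepper, salt), stored):
            return True, i + 1
    return False, PEPPER_SPACE   # a wrong password always costs the full sweep


def guessing_cost(candidates: List[str], record: Dict[str, object]) -> int:
    """Hash computations needed to check a list of candidate passwords in order:
    every wrong candidate costs PEPPER_SPACE hashes, which is the point of the pepper."""
    total = 0
    for candidate in candidates:
        ok, n = verify(candidate, record)
        total += n
        if ok:
            break
    return total


if __name__ == "__main__":
    rec = register("correct horse", use_salt=True)
    print(verify("correct horse", rec))   # (True, k) for some k between 1 and 256
    print(verify("wrong", rec))           # (False, 256)
```

The honest verifier pays at most 256 hashes per login, while every incorrect guess costs a full 256-hash sweep; lengthening the pepper raises both costs, so the pepper size is chosen to keep the legitimate login fast while multiplying the guesser's work. Note that the stored salt changes the hash but not the number of pepper values that must be tried.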