Password Hasher with Salt - Problem

Implement a secure password hashing system that protects user credentials from rainbow table attacks and brute force attempts. Your implementation must generate random salts, perform key stretching, and provide verification functionality.

Requirements:

Generate a cryptographically secure random salt for each password
Implement key stretching using multiple hash iterations to slow down brute force attacks
Combine salt and password before hashing to prevent rainbow table attacks
Provide a verification function to check if a password matches the stored hash

Function Signatures:

hashPassword(password: string, iterations: number) -> {salt: string, hash: string}
verifyPassword(password: string, salt: string, hash: string, iterations: number) -> boolean

Note: Use SHA-256 for hashing and ensure salt is at least 32 characters of random alphanumeric characters.

Input & Output

Example 1 — Hash Password

$ Input: password = "mySecret123", iterations = 1000, action = "hash"

› Output: {"salt":"aB3kL9mX4pR7sT2wQ8vN5yE1jH6uI0oP","hash":"7f3e9a2b8c4d1f6e5a7b3c2d8f4e1a9b"}

💡 Note: Generate 32-character random salt, combine with password, apply SHA-256 1000 times. Salt and final hash are returned for secure storage.

Example 2 — Verify Password

$ Input: password = "mySecret123", iterations = 1000, action = "verify"

› Output: {"verified":true}

💡 Note: Use stored salt to recreate hash process, compare with stored hash. Returns true if password matches original.

Example 3 — High Security

$ Input: password = "admin2024!", iterations = 5000, action = "hash"

› Output: {"salt":"X9mK2pR5sT8wQ1vN4yE7jH0uI3oP6lB","hash":"2c8f1e6a9b4d7f3e5a2b8c1d4f7e0a3b"}

💡 Note: Higher iteration count (5000) provides stronger protection against brute force attacks, taking more computational time per attempt.

Constraints

1 ≤ password.length ≤ 1000
100 ≤ iterations ≤ 10000
action ∈ {"hash", "verify"}
Salt must be exactly 32 alphanumeric characters

Visualization

Tap to expand

Asked in

G Google 35 a Amazon 28 M Microsoft 22 f Facebook 18

The key insight is combining random salt generation with key stretching to prevent both rainbow table attacks and brute force attempts. The optimal approach generates a unique 32-character salt for each password and applies SHA-256 iteratively to slow down attack attempts. Time: O(k) where k is iterations, Space: O(1)

Common Approaches

✓ Basic Hash (No Salt)

⏱️ Time: O(1) Space: O(1)

Hash the password directly using SHA-256 without any salt or multiple iterations. This is vulnerable to rainbow table attacks and brute force attempts.

Salted Hash with Key Stretching

⏱️ Time: O(k) Space: O(1)

Generate a cryptographically secure random salt, combine it with the password, and apply SHA-256 multiple times to slow down brute force attacks. Each password gets a unique salt to prevent rainbow table attacks.

Basic Hash (No Salt) — Algorithm Steps

Hash password directly with SHA-256
Return hash without any additional security measures

Visualization

Tap to expand

Step-by-Step Walkthrough

Input Password

Receive plain text password

SHA-256 Hash

Apply single hash function

Vulnerable Output

Store hash without salt protection

Code -

solution.c — C

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/sha.h>

void sha256_string(const char* input, char* output) {
    unsigned char hash[SHA256_DIGEST_LENGTH];
    SHA256_CTX sha256;
    SHA256_Init(&sha256);
    SHA256_Update(&sha256, input, strlen(input));
    SHA256_Final(hash, &sha256);
    
    for (int i = 0; i < SHA256_DIGEST_LENGTH; i++) {
        sprintf(output + (i * 2), "%02x", hash[i]);
    }
    output[64] = 0;
}

int main() {
    char password[1000], action[20];
    int iterations;
    
    fgets(password, sizeof(password), stdin);
    password[strcspn(password, "\n")] = 0;
    
    scanf("%d", &iterations);
    getchar();
    
    fgets(action, sizeof(action), stdin);
    action[strcspn(action, "\n")] = 0;
    
    if (strcmp(action, "hash") == 0) {
        char hash[65];
        sha256_string(password, hash);
        printf("{\"salt\":\"\",\"hash\":\"%s\"}\n", hash);
    } else {
        printf("{\"verified\":true}\n");
    }
    
    return 0;
}

Time & Space Complexity

Time Complexity

⏱️

O(1)

Single SHA-256 hash operation has constant time

✓ Linear Growth

Space Complexity

O(1)

Only stores the hash output, no additional data structures

✓ Linear Space

23.4K Views

Medium Frequency

~35 min Avg. Time

892 Likes

Ln 1, Col 1

Smart Actions

💡 Explanation

AI Ready

💡 Suggestion Tab to accept Esc to dismiss

// Output will appear here after running code

Code Editor Closed

Click the red button to reopen

Password Hasher with Salt - Problem

Input & Output

Constraints

Visualization

Related Problems

Common Approaches

Basic Hash (No Salt) — Algorithm Steps

Visualization

Code -

Time & Space Complexity

Select Compiler