what is the threat and solution for when alice sends a password and bob hashing it and comparing it against a database of hashed passwords? Solution In given scenario, dictionary attack may be the possible threat in which hacker tries to get the decipher key by trying million of possibilities like in dictionary. There are various data types of dictionary attack software in the market which ease the work of a hacker. Possible solution for the given threat is using salt which is a random data which is used an additional input for the hashing. A new salt is generated for each password. Generated salt and password are concated and applied to hash function and obtained result is stored in the database with salt value. Since, salt is different for each password, therefore it can be used for common passwords as well. For example, salt is used in UNIX system credentials, Internet security etc..