Understanding these two concepts requires knowledge of hashes.
When you log in to a site, the password you enter is run through a hashing algorithm, and the result is compared to the hash stored on a database server that was created and verified the last time you logged in.
These hashes can be cracked by hackers, who use dictionary, brute-force or rainbow table attacks to break these passwords. However, we can make this harder for hackers by using salt and pepper.
A salt is a random value generated for each different password. The process of adding this salt and then hashing the password is called salting.
salting = hash (password + salt)
If my password is test123 and my salt value is 2eb35, then the new password is 2eb35test123, which can then be hashed into a digest and stored in a database. This lowers the probability that my hash can be found in a pre-leaked dictionary. All this makes password cracking slower and more tedious for hackers.
Nonetheless, passwords are still hackable. This is where pepper comes into the picture. A pepper, just like a salt, is a random value, but every user in the database has the same pepper, while each user has a different salt value.
Both salt and pepper serve the purpose of making passwords longer and more complex.
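
The scheme described above, as an added Python example (not code from the original article): each user gets a random salt stored next to the digest, and one pepper is shared by all users. It swaps the plain hash(password + salt) for HMAC-SHA-256 with the pepper followed by PBKDF2 with the salt; keeping the pepper outside the database, the pepper value, the iteration count, the user names and the wordlist are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: the pepper is one secret shared by all users and kept outside
# the database (for example in a secrets manager). Constructed value.
PEPPER = b"constructed-demo-pepper-not-for-production"
ITERATIONS = 100_000  # assumed work factor for this demo

def hash_password(password: str, salt: bytes, pepper: bytes = PEPPER) -> bytes:
    """Mix in the shared pepper with HMAC, then the per-user salt with PBKDF2."""
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)

def register(db: dict, user: str, password: str) -> None:
    """Store a fresh random salt and the digest; the pepper is never stored."""
    salt = secrets.token_bytes(16)
    db[user] = (salt, hash_password(password, salt))

def verify(db: dict, user: str, password: str, pepper: bytes = PEPPER) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    if user not in db:
        return False
    salt, stored = db[user]
    return hmac.compare_digest(stored, hash_password(password, salt, pepper))

def in_precomputed_table(digest: bytes, wordlist: list) -> bool:
    """True if digest equals the plain SHA-256 of any word in the list."""
    table = {hashlib.sha256(w.encode()).digest() for w in wordlist}
    return digest in table

def demo() -> dict:
    db = {}
    register(db, "alice", "test123")
    register(db, "bob", "test123")  # same password, different salt
    words = ["password", "test123", "letmein"]  # constructed sample wordlist
    return {
        "same_password_same_digest": db["alice"][1] == db["bob"][1],
        "unsalted_in_table": in_precomputed_table(
            hashlib.sha256(b"test123").digest(), words),
        "salted_in_table": in_precomputed_table(db["alice"][1], words),
        "correct_login": verify(db, "alice", "test123"),
        "wrong_pepper_login": verify(db, "alice", "test123", b"other-pepper"),
    }

if __name__ == "__main__":
    print(demo())
```

The stored record holds only the salt and the digest, so a copy of the database alone is not enough to test password guesses without the pepper.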