-1

When using salt in a password hash, why is it recommended to use a different salt for each password and store it unencrypted in the database?

It seems so pointless. Surely if an attacker gets access to the database and they find out the salt it's just like having no salt at all?

If they are trying to crack passwords through bruteforce and they have the plain unencrypted salt right there in the same row as the encrypted password, they could just concatenate the salt with all the words/phrases they are going to try couldn't they?

Argeman
  • 1,345
  • 8
  • 22
Andy
  • 4,901
  • 5
  • 35
  • 57

6 Answers6

3

The point of the salt is to prevent someone from attacking all the passwords at once. Since each password has a different salt, an attacker has to attack them individually. This greatly reduces the number of possible passwords he can try for each account.

Otherwise, an attacker could just hash a billion possible passwords and then compare each hashed password against his list.

David Schwartz
  • 179,497
  • 17
  • 214
  • 278
1

See http://en.wikipedia.org/wiki/Rainbow_table first.

If you use a random salt for each password, the hacker cannot make use of a rainbow table.

You need to store the salt unencrypted, to be able to hash a string to check if it matches the salted hash of the original password.

Some crypt functions concatenate the unencrypted salt (amongst other things) to the encrypted, salted password. Der php bcrypt blowfish for example.

jgroenen
  • 1,332
  • 1
  • 8
  • 13
0

A public salt makes it more time-consuming to crack a list of passwords. However, it does not make dictionary attacks harder when cracking a single password. The attacker has access to both the encrypted password and the salt, so when running the dictionary attack, the attacker can simply use the known salt when attempting to crack the password.

http://en.wikipedia.org/wiki/Salt_%28cryptography%29

nowhere
  • 1,558
  • 1
  • 12
  • 31
0

To bruteforce a hashed password, an attacker needs to try to hash all possible combinations of letters and symbols and compare it to the hashes he has.

If the attacker has bruteforced a plaintext > hash combination like this once, he knows the plaintext for all identical hashes.

A salt is added to a plaintext before hashing so the same plaintext hashes to a different hash, forcing an attacker to try all combinations of letters for each individual hash, slowing him down tremendously.

deceze
  • 510,633
  • 85
  • 743
  • 889
0

You need the salt to make rainbow tables and that sort of things useless.

The salt can be stored encrypted of course, making things a bit more complicated to crack a single password.

But look how it usually works: You send the salt to the client which uses it to hash the salt+password. So your client would have to decrypt the salt first, which can be done by any atacker in many cases. In cases where the attacker hasn't got the chance to observe the client-behaviour, encrypted hashes might improve security (security by obscurity).

Argeman
  • 1,345
  • 8
  • 22
0

If someone gets a hold of your DB, you're in big, big trouble for a variety of reasons. It would be a lot easier for an attacker to get (or guess) a single salt .. in theory. If they know the only salt you use, they can brute force all passwords simultaneously. If you use a different salt for each user, the attacker has to know each individual salt to attack effectively.

As for encrypting the salt for storage .. I suppose there's nothing wrong with doing that, it's just that it is hopefully rare that an attacker will be able to dump your entire DB. If they could, they may be able to get what they were after anyway even without having to circumvent authentication.

Explosion Pills
  • 188,624
  • 52
  • 326
  • 405