
Adding a long salt prevents an attacker from using a rainbow table attack. I add, for example, fve4qrwgfAGVWRVfedSGFGBVSEASionvwegsf32 to all the passwords before hashing; he's definitely not going to have a rainbow table for these words.

So, why use a different salt for every password? The only reason I see is that an attacker could create a rainbow table once with the default salt, and use that rainbow table then. Is that it?

  • Because even if you figure out the salt, it will only work with one password. – Robert Harvey Sep 24 '13 at 20:56
  • @RobertHarvey The salt is already as public as the hash, so there is nothing to figure out. – ntoskrnl Sep 25 '13 at 13:26
  • Salts prevent multi-target attacks, i.e. validating one password guess against many hashes. Rainbow tables are just one form of multi-target attack, typically not the best even without salt. – CodesInChaos Sep 25 '13 at 15:58
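
The multi-target point raised in the comments, as an added example that is not part of the original post: it counts how many hash computations a dictionary check needs against a table using the question's single shared salt versus one random salt per account. The user names, passwords and guess list are constructed, and plain SHA-256 stands in for a real password hash only to keep the demo short.

```python
import hashlib
import os

# Constructed sample data: accounts, their passwords, and a small guess list.
USERS = {"alice": "letmein", "bob": "hunter2", "carol": "letmein", "dave": "Tr0ub4dor&3"}
GUESSES = ["123456", "password", "letmein", "hunter2", "qwerty"]
SHARED_SALT = b"fve4qrwgfAGVWRVfedSGFGBVSEASionvwegsf32"  # the fixed salt from the question


def h(salt: bytes, password: str) -> bytes:
    # Assumption for the demo: SHA-256(salt || password); real storage uses a slow KDF.
    return hashlib.sha256(salt + password.encode()).digest()


def build_db(per_user: bool) -> dict:
    """Return {user: (salt, hash)}; the salt sits next to the hash, so it is public."""
    db = {}
    for user, pw in USERS.items():
        salt = os.urandom(16) if per_user else SHARED_SALT
        db[user] = (salt, h(salt, pw))
    return db


def audit(db: dict) -> tuple:
    """Check every guess against every account; return (matched users, hashes computed)."""
    matched, work = set(), 0
    by_salt = {}
    for user, (salt, digest) in db.items():
        by_salt.setdefault(salt, {}).setdefault(digest, []).append(user)
    for salt, targets in by_salt.items():
        for guess in GUESSES:
            work += 1  # one hash covers every account that shares this salt
            matched.update(targets.get(h(salt, guess), []))
    return matched, work


def identical_hashes(db: dict) -> int:
    """Count accounts whose stored hash equals some other account's hash."""
    digests = [d for _, d in db.values()]
    return sum(1 for d in digests if digests.count(d) > 1)


if __name__ == "__main__":
    for label, per_user in (("shared salt", False), ("per-user salt", True)):
        db = build_db(per_user)
        matched, work = audit(db)
        print(f"{label}: matched={sorted(matched)} hashes={work} "
              f"duplicates={identical_hashes(db)}")
```

With the shared salt the work is independent of the number of accounts and equal passwords are visible as equal hashes; with per-user salts the work scales with the number of accounts and the duplicates disappear.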
