I read man crypt and didn't understand what the phrase below means: "salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm in one of 4096 different ways."
2 Answers
The primary function of salts is to defend against dictionary attacks versus a list of password hashes and against pre-computed rainbow table attacks.
Basically adding a little bit of unknown data into the hash prevents an attacker from precomputing all hashes for a given dictionary and then just looking up in the table to find the unhashed value.

Usually to encrypt sensitive data a salt is used.
What this means is your sensitive data (say, a password) is concatenated with a string (the salt), encrypted and then stored.
This protects it against table attacks, in which an attacker has most dictionary words and their popular algorithm encryption (md5, sha1, etc.) strings in a table. So if he were to have access to the db, he would be able to decipher all of your sensitive data.
Using a salt makes it harder for the attacker, since the attacker needs to know the algorithm with which the salt was added and would need a specific dictionary for that specific salt, making his life harder.

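The "4096 different ways" from the man page and the table attack both answers describe, as an added example that is not part of either answer. It assumes SHA-256 as a stand-in for crypt's own algorithm (`toy_crypt` is a hypothetical helper) and uses a constructed four-word dictionary.

```python
import hashlib
import itertools

# Salt alphabet from the man page quote: [a-zA-Z0-9./], 64 characters.
SALT_ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
                 "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./")
DICTIONARY = ["password", "letmein", "dragon", "qwerty"]  # constructed sample


def all_salts():
    """Every two-character salt: 64 * 64 = 4096 'perturbations'."""
    return ["".join(p) for p in itertools.product(SALT_ALPHABET, repeat=2)]


def toy_crypt(password, salt):
    """Assumed stand-in for crypt(3): salt, then SHA-256(salt + password)."""
    return salt + hashlib.sha256((salt + password).encode()).hexdigest()


def build_table(words, salt):
    """Attacker's precomputed lookup table (hash -> word) for ONE salt."""
    return {toy_crypt(w, salt): w for w in words}


def lookup(stored, table):
    """Table attack: succeeds only if the table was built for this salt."""
    return table.get(stored)


def crack_with_known_salt(stored, words):
    """The salt is not secret (first two characters of the stored value),
    so the dictionary can still be tried, but only by hashing it again."""
    return lookup(stored, build_table(words, stored[:2]))


def full_precompute_entries(words):
    """Entries needed to cover every salt in advance."""
    return len(words) * len(all_salts())


if __name__ == "__main__":
    stored = toy_crypt("dragon", "Zx")
    print(lookup(stored, build_table(DICTIONARY, "ab")))  # table for wrong salt
    print(crack_with_known_salt(stored, DICTIONARY))
    print(full_precompute_entries(DICTIONARY))
```

A two-character salt only multiplies the precomputation by 4096; the per-entry work of hashing the dictionary against a known salt is unchanged.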