How does Unix SALT help protect passwords?
I was in class the other day and we were talking about Unix SALT and how it makes the passwords much harder to guess. My issue is that the SALT is stored in plaintext right next to the hashed password so how could this make it more secure? I mean if th开发者_如何学JAVAe SALT is right there so you append it and then hash your guess. Also, the issue about precomputing the guesses in a rainbow table doesn't make sense to me either. You would just look at the SALT and first only precompute it with the given SALT. The only argument I can think of is that the malicious user cannot access /etc/password file but then how would the hacker know the hashes of the password. I would really appreciate it if someone could point me in the right direction. Thanks!
Without using a salt, you can precompute a rainbow table for any password. A salt would make the attacker have to precompute a rainbow table for every different salt.
For more information, see You're Probably Storing Passwords Incorrectly.
Read all about password hacking using rainbow-tables in this post by Jeff Atwood. Contains information regarding "salting" as well as links to deep-dive into the subject.
精彩评论