Additional Benefits
The modern shadow password system, in which password hashes and other security data are stored in a non-public file, somewhat mitigates these concerns. However, they remain relevant in multi-server installations which use centralized password management systems to "push" passwords or password hashes to multiple systems. In such installations, the root account on each individual system may be treated as less "trusted" than the administrators of the centralized password system, so it remains worthwhile to ensure that the security of the password hashing algorithm, including the generation of unique "salt" values, is adequate.
Salts also defeat rainbow tables, which are precomputed hash-to-password lookups built once for a particular hash function and then reused against every leaked hash. In effect the salt extends the length, and often the character set, of the value being hashed: an 8-byte password with a 2-byte salt is hashed as a 10-byte string, and a salt containing non-alphanumeric bytes takes a strictly alphanumeric password outside the keyspace of a table built for alphanumeric passwords, so a table that does not cover that length and alphabet contains no matching entry. The salt is stored next to the hash, so the attacker knows it, but a separate table is needed for each possible salt value: 65,536 tables for a 2-byte salt, and an unattainable number for the 16-byte random salts in common use today. Should a salted value be found in a table, the known salt is simply stripped from the recovered string to obtain the password.
Salts also make dictionary and brute-force attacks against many hashes at once much slower, though not the cracking of a single password. Without salts, an attacker cracking many passwords simultaneously hashes each guess once and compares the result against every stored hash. With salts, each stored hash has its own salt, so each guess must be hashed once per distinct salt; the work grows in proportion to the number of accounts instead of staying constant, which matters even with a fast hash and becomes prohibitive when combined with a deliberately slow password hash.
Another (lesser) benefit of a salt is as follows: two users might choose the same string as their password, or one user might reuse a password on two machines. Without a salt, that password is stored as the same hash in both places, which discloses that the two accounts share a password and lets anyone who knows one account's password log into the other. With a random salt chosen per account, two accounts with the same password receive different hashes, so the shared password cannot be spotted by comparing password files. The two-character salt of the historical Unix crypt(3) (12 bits, 4,096 possible values) makes such a coincidence unlikely between any two given accounts but quite likely somewhere within a large user base; modern schemes use salts of 16 bytes or more, for which identical salts never occur in practice.
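The three effects described above (a precomputed table that stops matching once a salt is present, cracking cost that multiplies by the number of distinct salts, and identical passwords that no longer produce identical hashes) can be seen directly in a small script. The following Python is an added example, not code from the original page: the account names, passwords and word list are constructed for the demonstration, the function and variable names are the example's own, and plain SHA-256 stands in for a real password hash so that it runs quickly; a production store should use a slow, memory-hard function such as Argon2id or scrypt.

```python
import hashlib
import os

# Constructed sample accounts for the demo. alice and carol share a
# password, which is the situation the salt is supposed to hide.
USERS = {
    "alice": "hunter2",
    "bob": "correct horse battery",
    "carol": "hunter2",
    "dave": "letmein",
}

# Constructed stand-in for an attacker's word list.
WORDLIST = ["123456", "password", "hunter2", "letmein", "qwerty"]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted hash of a password. Plain SHA-256 is used only to keep the demo
    fast and dependency-free; a real password store should use a deliberately
    slow, memory-hard function such as Argon2id or scrypt."""
    return hashlib.sha256(salt + password.encode()).digest()


def build_store(users: dict, salt_len: int) -> dict:
    """Return {user: (salt, hash)}. salt_len=0 models an unsalted store."""
    store = {}
    for user, password in users.items():
        salt = os.urandom(salt_len)  # fresh random salt per account
        store[user] = (salt, hash_password(password, salt))
    return store


def duplicate_password_groups(store: dict) -> list:
    """Groups of users whose stored hashes are byte-for-byte identical.
    In an unsalted store this reveals shared passwords; with a wide random
    salt the list is empty even when passwords are shared."""
    by_hash = {}
    for user, (_, digest) in store.items():
        by_hash.setdefault(digest, []).append(user)
    return [sorted(group) for group in by_hash.values() if len(group) > 1]


def precomputed_table(wordlist: list) -> dict:
    """Unsalted hash -> plaintext table built once and reused against any
    leak: the idea behind a rainbow table, minus its time/memory trade-off."""
    return {hash_password(word, b""): word for word in wordlist}


def lookup_with_table(store: dict, table: dict) -> dict:
    """Passwords recovered from a store by pure table lookup, no hashing."""
    return {user: table[digest] for user, (_, digest) in store.items()
            if digest in table}


def crack_batch(store: dict, wordlist: list) -> tuple:
    """Dictionary attack on every account at once.
    Returns (recovered, hash_invocations). Each guess is hashed once per
    distinct salt: a single time for an unsalted store, once per account
    when every account has its own salt."""
    by_salt = {}
    for user, (salt, digest) in store.items():
        by_salt.setdefault(salt, {}).setdefault(digest, []).append(user)
    recovered, invocations = {}, 0
    for guess in wordlist:
        for salt, targets in by_salt.items():
            candidate = hash_password(guess, salt)
            invocations += 1
            for user in targets.get(candidate, []):
                recovered[user] = guess
    return recovered, invocations


def salt_collision_probability(n_accounts: int, salt_bits: int) -> float:
    """Birthday-bound probability that at least two of n_accounts draw the
    same random salt from a salt_bits-bit space (exact product form)."""
    space = 2 ** salt_bits
    p_all_distinct = 1.0
    for i in range(n_accounts):
        p_all_distinct *= 1 - i / space
    return 1 - p_all_distinct


if __name__ == "__main__":
    table = precomputed_table(WORDLIST)
    for salt_len in (0, 2, 16):
        store = build_store(USERS, salt_len)
        recovered, cost = crack_batch(store, WORDLIST)
        print(f"salt={salt_len:2d} bytes  duplicates={duplicate_password_groups(store)}"
              f"  table hits={len(lookup_with_table(store, table))}"
              f"  cracked={len(recovered)} with {cost} hash calls")
    print(f"12-bit salt, 100 accounts: P(two share a salt) = "
          f"{salt_collision_probability(100, 12):.2f}")
```

Run as a script it prints one line per salt width. With no salt the precomputed table recovers three accounts without a single hash computation, the duplicate check exposes alice and carol, and the batch attack costs one hash per guess; with a 16-byte salt the table yields nothing, no duplicates are visible, and the same attack needs one hash per guess per account, even though it still recovers the same weak passwords. `salt_collision_probability(100, 12)` is about 0.70, which is why the old two-character crypt(3) salt only partly delivers the third benefit on a system with many users.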