Can you crack a hashed password when the salt is stored next to the hash?

Ok, so I have read (a lot!) about security and the whole deal about hashing, escaping, encryption, etc., and something that I see really bugs me. It seems like a lot of people who really seem to know their stuff keep talking about saving the salt with the hashed password in the database.

I cannot help but wonder why? What if your database is reset? They have access to everything, which for me means that they can look at any record and voila (!) there is a hashed password and a plain-text salt next to it. This gives them the information they need to run it against rainbow tables and/or dictionary attacks, right?

I must be missing something (yes, that never happened!), and I would really like enlightenment on this subject.

+7
1 answer

Rainbow tables are ineffective against a collection of differently salted passwords, even if the salt is known; you would need to build a different table for each salt, and that would defeat the whole purpose of rainbow tables. For an attacker, each individual password will be faster. This is the purpose of using salt for the user.

In other words, rainbow tables are only effective when you try to break a lot of passwords that were all digested the same, using the same digest algorithm. Throwing in different salts for each password means that not all passwords are digested the same way.

+14
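The point of the answer above, as an added example that is not part of the original post: one precomputed table matches every unsalted hash, but matches nothing once each record carries its own salt, even though that salt is stored in the clear beside the hash. The candidate list, user names and helper names are constructed for illustration, and a plain precomputed lookup table stands in for a rainbow table.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the original post).
CANDIDATES = ["123456", "password", "letmein", "qwerty", "dragon"]
USERS = {"alice": "letmein", "bob": "letmein", "carol": "qwerty"}


def digest(password: str, salt: bytes = b"") -> str:
    # Fast SHA-256 keeps the demo short; real password storage should use
    # a deliberately slow KDF (e.g. hashlib.scrypt) with the same salt idea.
    return hashlib.sha256(salt + password.encode()).hexdigest()


def store(users: dict, salted: bool) -> dict:
    """Return {user: (salt, hash)}; the salt sits in plain text next to the hash."""
    records = {}
    for name, password in users.items():
        salt = os.urandom(16) if salted else b""
        records[name] = (salt, digest(password, salt))
    return records


def verify(records: dict, name: str, password: str) -> bool:
    """Login check: re-hash with the stored salt, compare in constant time."""
    salt, stored = records[name]
    return hmac.compare_digest(stored, digest(password, salt))


def precomputed_hits(records: dict) -> int:
    """Count stored hashes found in ONE table built ahead of time, without salts."""
    table = {digest(candidate) for candidate in CANDIDATES}
    return sum(1 for _, stored in records.values() if stored in table)


def tables_needed(records: dict) -> int:
    """A precomputed table is only valid for one salt, so count distinct salts."""
    return len({salt for salt, _ in records.values()})


if __name__ == "__main__":
    for label, salted in (("unsalted", False), ("per-user salt", True)):
        recs = store(USERS, salted)
        print(f"{label}: table hits={precomputed_hits(recs)}, "
              f"tables needed={tables_needed(recs)}")
```

With per-user salts, alice and bob share a password yet get different stored hashes, so the precomputation has to be repeated for every record instead of being reused across the whole database.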