Reputation: 249
salted password security
Why is it safer to store passwords with a different salt for every password? As passwords are hashed after being salted, I see no reason to use a different salt.
Is it easier to brute-force the password with a known salt or something? Or do hackers make their own rainbow tables once they know the salt?
Kind regards
Upvotes: 0
Views: 211
Answers (3)
Reputation: 165193
Ok, let's get one thing straight: Salting has nothing to do with rainbow tables. Yes. Say that again. Salting has nothing to do with rainbow tables.
Well, that's not entirely true. Salts are used to prevent time and memory tradeoffs by amortizing the cost of attacking one hash against the cost of other hashes.
In the case of a rainbow table, using a salt means that the entire table is invalidated.
But there are other ways of invalidating an entire table. You could append a static string to each password (which is not a salt). That would defeat rainbow tables...
The Real Enemy
The real enemy here is not rainbow tables. The real enemy is brute forcing. Modern day machines are so fast at brute forcing that it's cheaper to build a gigantic GPU cluster and do advanced brute-forcing than it is to store enough rainbow table to make it worth the slow disk access.
A salt helps defeat bruteforcing because it's unique. Not per password. Not per user, but unique in the universe (statistically at least). This is why you want to use a random number, and not the username, email or anything predictable.
Again, not because we don't want predictability. But because we want statistical uniqueness. If an attacker attacks two sites that both use usernames as salts, he can amortize his attacks against both hashes at the same time (even though both may be using different passwords).
Salts should be random, and per user.
Upvotes: 1
Reputation: 483
If you use only one salt, the hacker only has to rebuild their rainbow tables once and can use them for your entire database. Duplicate passwords will be easier to find, too.
Use individual hashes and an expensive algorithm (bcrypt, scrypt).
Upvotes: 2
Reputation: 5065
When you give each password its own individual salt there is no common bond between every salt in every password. So even if the "hacker" cracks one password, he won't have a salt for any other password.
When it comes to using PHP and salting your passwords, you should use a slow encryption, such as crypt. The faster you encrypt something, the quicker the "hacker" can find a way to decrypt it.
You could simply a function that creates a new salt based on a person's username, email, or combination of a few things.
Upvotes: 3
Related Questions
- Password hashing, salt and storage of hashed values
- Salting passwords 101
- Password Salt: Additional Best Practices
- Non-random salt for password hashes
- Salt, passwords and security
- Passwords, Salts, And Security Concepts
- Password hashing and salting
- Multiple Salts to protect passwords
- Salting Passwords
- Salted password hashes