On 14/10/2013 21:17, Michael Orlitzky wrote:
> On 10/14/2013 02:49 PM, Martin Vaeth wrote:
>>
>>> Hiding the salt would just be security through obscurity.
>>
>> And yet it is stupid if you do not do it and give away a
>> huge constant factor for no advantage.
>>
>
> (I'll just agree to disagree about the rest.)
>
> Keeping the salt secret makes your application more complex. Rather than
> "SELECT hash, salt FROM users WHERE...", you now have to "SELECT hash
> FROM users WHERE..." and then pull the salt from somewhere else. (Where?
> The filesystem? Do you encrypt that? How?)
>
> What's stupid is going to all that effort for a 2x improvement when you
> could twiddle a bit and get a 340282366920938463463374607431768211456x
> improvement.
>
Keep in mind the actual original purpose of a salted hash. If two users happen to use the same password[1], the hashes are the same and this is revealed to anyone who can read /etc/passwd[2], i.e. everyone. Salt obscures this 1-to-1 mapping and does it in a way that it is not computationally worthwhile to try to get around it for the general case[3]. It's not quite the same thing as security by obscurity - that is hiding something in a place you think no-one will think of looking but usually turns out to be viable to try and guess. Salt works because brute force now doesn't need just one expensive calculation, it needs many thousands of expensive calculations.

If the actual problem is that salt is inadequate, the solution is not to try and hide it, but to use a more complex hashing algorithm with larger salt. It's a race between white and black hats - they build bigger and better rainbow tables, we implement bigger and better hashes. The constraint is how much CPU grunt is available for purchase at a realistic cost.

[1] This is not uncommon. The domain size of all possible passwords for an implementation is very very large. Human psychology says that the actual domain size of passwords people will pick is a tiny fraction of the whole. Hence salt.

[2] Nowadays we use shadow, but the development of salt pre-dates shadow

-- 
Alan McKinnon
alan.mckin...@gmail.com
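The two effects Alan describes, the visible 1-to-1 mapping of unsalted hashes and the per-user recomputation that a public salt forces, as an added example that is not part of the thread. The account names, passwords and word list are constructed, and SHA-256 stands in for a real password hash only to keep the demonstration short.

```python
import hashlib
import os

# Constructed sample data: two accounts that happen to share a password, plus a
# small word list standing in for an attacker's precomputed (rainbow) table.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse battery"}
WORDLIST = ["123456", "password", "hunter2", "letmein"]

def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt):
    return hashlib.sha256(salt + password.encode()).hexdigest()

def store_unsalted(users):
    return {u: unsalted_hash(p) for u, p in users.items()}

def store_salted(users):
    # The salt is stored in the clear next to the hash, exactly as the thread assumes.
    db = {}
    for u, p in users.items():
        salt = os.urandom(16)
        db[u] = (salt, salted_hash(p, salt))
    return db

def visible_duplicates(hashes):
    # Pairs of users whose stored hashes are identical; anyone who can read the table sees this.
    by_hash, pairs = {}, []
    for user, h in hashes.items():
        if h in by_hash:
            pairs.append((by_hash[h], user))
        else:
            by_hash[h] = user
    return pairs

def table_recovery_work(db, wordlist):
    # Unsalted: hash the word list once, then every user costs only a dictionary lookup.
    table = {unsalted_hash(w): w for w in wordlist}
    return {u: table[h] for u, h in db.items() if h in table}, len(wordlist)

def salted_recovery_work(db, wordlist):
    # Salted: the precomputed table is useless; every guess is re-hashed for every user.
    found, work = {}, 0
    for user, (salt, h) in db.items():
        for w in wordlist:
            work += 1
            if salted_hash(w, salt) == h:
                found[user] = w
                break
    return found, work
```

The returned work counts show the constant factor Alan is talking about: the unsalted table is built once for any number of users, while the salted store costs a fresh pass over the word list per account.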