On Wed, 20 May 2009, Jonathan Yu wrote:
> There are web sites that specialize in that sort of thing. So having a
> 2-byte salt can really help stop those attacks, or at least make the
> amount of space needed infeasible (since every different 2 character
> salt will require you to generate an entirely different rainbow
> table).

16 bits of salt is roughly less than 64TB for a rainbow table that includes
all salt values. That's doable in this day & age. I'd go at least four
bytes, if not more. Adding a larger salt incurs virtually no penalty for
legitimate users, but makes it uneconomical for the attackers.
--Arthur Corliss
Live Free or Die
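
An added example, not part of the original thread: a salted password record with a configurable salt length, next to the storage an attacker would need to precompute one table per salt value. The names, the PBKDF2 work factor and the 1 GiB per-salt table size (64 TiB divided by the 2**16 values of a 2-byte salt) are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000          # assumed work factor for this sketch
PER_SALT_TABLE_BYTES = 2**30  # assumption: 64 TiB / 2**16 salt values

def hash_password(password: str, salt_len: int = 16) -> str:
    """Return 'salt_hex$digest_hex' using a fresh random salt of salt_len bytes."""
    salt = secrets.token_bytes(salt_len)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def table_storage_bytes(salt_bytes: int) -> int:
    """Storage needed to precompute one table for every possible salt value."""
    return (2 ** (8 * salt_bytes)) * PER_SALT_TABLE_BYTES

if __name__ == "__main__":
    # Constructed sample password; the defender's record grows by two hex
    # characters per salt byte, the attacker's storage doubles per salt bit.
    for n in (2, 4, 16):
        record = hash_password("constructed-sample-password", n)
        exponent = table_storage_bytes(n).bit_length() - 1
        print(f"{n:2d}-byte salt: record {len(record)} chars, "
              f"precomputation storage 2^{exponent} bytes")
```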