by jdmichal
3669 days ago
Salting has zero effect on the targeted cracking of a single password. Salting protects against rainbow tables - sets of pre-calculated hashes plain-text to passwords. These are dangerous because an attacker has a large amount of time to pre-calculate hashes, but (hopefully) only a small amount of time to calculate after a dump before the password is changed. However, if you are starting from scratch and have a single password to crack, there's no difference between a salted and unsalted password. Modern state of the art for targeted attacks is to use slow hash algorithms, such as bcrypt. They have little effect on normal operations, as most users will get the right password within a few tries, so you're adding a negligible amount of time per user. But the extra time has a huge effect when an attacker is trying to calculate millions of hashes for a single user.
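The distinction drawn in the comment above, as an added example that is not part of the original comment: it counts the work needed against an unsalted, a salted, and a slow-hashed password. The candidate list, function names and iteration count are constructed for illustration, and PBKDF2 from the Python standard library stands in for bcrypt as the slow hash.

```python
import hashlib
import os

# Constructed candidate list standing in for a guessing dictionary.
CANDIDATES = ["123456", "password", "letmein", "hunter2", "correct horse"]
ITERATIONS = 50_000  # assumed work factor for the slow hash

def fast_hash(password, salt=b""):
    """One SHA-256 over salt || password: fast, so cheap to guess against."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def slow_hash(password, salt, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA256, used here in place of bcrypt (stdlib only)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def build_precomputed_table(candidates):
    """Unsalted hash -> plaintext, computed once before any dump exists."""
    return {fast_hash(c): c for c in candidates}

def targeted_guesses(stored, salt, candidates, hash_fn=fast_hash):
    """Guess one account's password; return (match, hash computations used)."""
    for n, cand in enumerate(candidates, start=1):
        if hash_fn(cand, salt) == stored:
            return cand, n
    return None, len(candidates)

def demo():
    secret = "hunter2"
    salt = os.urandom(16)  # per-user random salt, stored next to the hash
    table = build_precomputed_table(CANDIDATES)
    unsalted, salted = fast_hash(secret), fast_hash(secret, salt)
    slow_match, slow_n = targeted_guesses(
        slow_hash(secret, salt), salt, CANDIDATES, hash_fn=slow_hash)
    return {
        # The precomputed table only works when no salt was mixed in.
        "table_hit_unsalted": table.get(unsalted),
        "table_hit_salted": table.get(salted),
        # Targeted guessing needs the same number of hashes either way.
        "guesses_unsalted": targeted_guesses(unsalted, b"", CANDIDATES)[1],
        "guesses_salted": targeted_guesses(salted, salt, CANDIDATES)[1],
        # The slow hash multiplies the cost of every single guess.
        "slow_match": slow_match,
        "slow_cost": slow_n * ITERATIONS,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A legitimate login pays the `ITERATIONS` cost once per attempt, while each entry in a guessing dictionary pays it again.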