Salts, randomness and difficulty
#1
Hello, I'm writing a paper on hashing incorporating the major topics of salting, slow algorithms, common attacks etc.

I understand that salting a value (for hashing) is primarily to prevent the use of pre-computed hash comparisons (rainbow tables) and have read many times that this is the only thing you get by salting.

However from the research I've done I don't see that this can be true - assuming it's done correctly salting adds randomness to a  value, which also should make brute forcing more complex - the same for dictionary attacks because random characters have now been added to what would be found in a dictionary.


For example:

If the cleartext of my hash is : "Password"
This should be easily solved by bruteforce and dictionary attacks.

But if the cleartext is "Password+SomeLargeSalt"
This is more characters, includes (pseudo)randomness and won't be found in a dictionary.
And so is much harder to guess this value, and therefore more computationally expensive to crack it.

Am I missing something?
Thanks.


Messages In This Thread
Salts, randomness and difficulty - by StuUK - 08-10-2016, 05:21 PM
RE: Salts, randomness and difficulty - by StuUK - 08-15-2016, 10:24 AM