Salts, randomness and difficulty
#2
You're surprisingly missing some stuff.

"salting prevents the use of rainbow tables"

Yes, except when the salt is the same for a bunch of hashes (in that case you could generate rainbow tables for this specific salt). Also, with the power of GPUs we tend to use rainbow tables quite a bit less.


"salting makes cracking harder/more expensive"

Kind of, but not really the way you describe it.

Usually the salt is linked to the hash, so when you crack you provide it to hashcat (have you even used hashcat? Noticed there are a ton of modes handling salts?), so it doesn't make attacks harder at all except for 2 cases:
  • if there are multiple salts and you're targeting more than a single hash, your speed will be divided by the number of salts
  • if there is a unique salt that you don't know, you would indeed need to find it, but in case it's found, there is a single salt, so almost no speed drop compared to the first case

The general advice is indeed to salt the hashes, with a per-user/per-hash salt; that is something that can easily be done with algorithms like bcrypt, for example.
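
A defender-side check for the points in the post above, as an added example that is not part of the original thread: it audits a stored credential table for salt reuse and reports how many hash computations one candidate password costs against the whole table. The record layout, function names and sample accounts are constructed for illustration, and standard-library PBKDF2 stands in for bcrypt as an assumption.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 10_000  # kept low so the demo runs quickly; not a production setting


def hash_password(password, salt):
    # Assumption: stdlib PBKDF2-HMAC-SHA256 stands in for bcrypt here.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def new_record(user, password, salt=None):
    # Default: a fresh 16-byte random salt per record, stored beside the hash.
    salt = os.urandom(16) if salt is None else salt
    return {"user": user, "salt": salt, "hash": hash_password(password, salt)}


def verify(record, password):
    # Recompute with the record's own salt and compare in constant time.
    return hmac.compare_digest(record["hash"], hash_password(password, record["salt"]))


def salt_audit(records):
    salts = Counter(r["salt"] for r in records)
    hashes = Counter(r["hash"] for r in records)
    return {
        "hashes": len(records),
        "distinct_salts": len(salts),
        # Testing ONE candidate against every record costs one hash per
        # distinct salt: the speed division described in the post.
        "hash_ops_per_guess": len(salts),
        "records_sharing_a_salt": sum(n for n in salts.values() if n > 1),
        # Same salt + same password gives the same hash, so a shared salt
        # also reveals which users chose identical passwords.
        "records_with_duplicate_hash": sum(n for n in hashes.values() if n > 1),
    }


# Constructed sample accounts (bob and carol share a password on purpose).
USERS = [("alice", "correct horse"), ("bob", "hunter2"),
         ("carol", "hunter2"), ("dave", "tr0ub4dor")]
SHARED = [new_record(u, p, salt=b"one-site-wide-salt") for u, p in USERS]
PER_USER = [new_record(u, p) for u, p in USERS]

if __name__ == "__main__":
    print("shared salt  :", salt_audit(SHARED))
    print("per-user salt:", salt_audit(PER_USER))
```
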


Messages In This Thread
Salts, randomness and difficulty - by StuUK - 08-10-2016, 05:21 PM
RE: Salts, randomness and difficulty - by Xanadrel - 08-10-2016, 07:42 PM
RE: Salts, randomness and difficulty - by StuUK - 08-15-2016, 10:24 AM