0

Let's assume the following situation:

The attacker has extracted 1000 password hashes from a website (vuln.com) along with all their usernames and hashing algorithm (assume bcrypt). The only piece of information stopping them from cracking all the hashes is the missing passwords and salts. Assume the salts are all cryptographically random.

What would change if the attacker also has all the salts?

What are the differences between cracking the hashes with and without knowing the salts?

AleksanderCH
  • 6,511
  • 10
  • 31
  • 64
ChocolateOverflow
  • 109
  • 2

2 Answers2

3

The point of using salt is not that it's secret. In fact, it's usually stored together with the hashed password. The point of using salt is that it's different for each entry. This has a few major benefits:

  1. Two users who use the same password won't have the same hash. Hence an attacker can't see which users share a (presumably weak) password.
  2. In a dictionary attack, the attacker can't use a precomputed table of bcrypt hashes. Instead, they have to compute each hash for each salt anew. In particular, the use of salt is a pretty good defense against attacks using rainbow tables.
wallenborn
  • 314
  • 2
  • 8
0

wallenborn has correctly described the actual purpose of a salt and its implementation. If a salt or an analogous value is kept secret, it is sometimes called pepper.

A pepper that is long enough and randomly generated makes a big difference to password cracking. Even simple passwords like 123 would be safe.

The only problem is to implement the pepper in a way that it is always available for password hashing and still remains secret.

BeloumiX
  • 995
  • 9
  • 19