Steve Atkins <steve@blighty.com> writes:
> A random salt stored with the hashed password increases the storage
> and precomputation time required by the size of the salt (so a 16 bit
> salt would increase the storage and precomputation time needed by
> a factor of 65536). That increase makes the pre-computed dictionary
> attack pretty much infeasible.
[ raised eyebrow... ] It is not immediately obvious that a factor of
2^16 makes the difference between feasible and infeasible. As
counterexamples, if it would otherwise take you one microsecond to break
the password, 64 milliseconds isn't going to scare you; if it would
otherwise take you a century to break the password, raising it to
64k centuries isn't going to make for a very meaningful improvement in
security either.
Show me a scheme where the random salt isn't stored right beside the
password, and I might start to get interested.
regards, tom lane