> > Can anyone explain to me why a salt is really a good idea
>
> I believe the original purpose was to make it less obvious whether two
> Unix users had the same password.
Ah, plus, as was also pointed out, the attacker cannot precompute a
dictionary attack -- she must do a dictionary attack PER PASSWORD, not per
password file.
This all makes sense. Conclusion: Salt is good. Random salt is best. Any
salt is better than no salt. Thanks for clarifying it, everyone.
--
Tim Ellis
Senior Database Architect
Gamet, Inc.