Why do salts make dictionary attacks ‘impossible’?
It doesn’t stop dictionary attacks. What it does is stop someone who manages to get a copy of your password file from using a rainbow table to figure out what the passwords are from the hashes. Eventually, it can be brute-forced, though. The answer to that part is to force your users to not use … Read more