Where do you store your salt strings?

by

The point of rainbow tables is that they’re created in advance and distributed en masse to save calculation time for others – it takes just as long to generate rainbow tables on the fly as it would to just crack the password+salt combination directly (since effectively what’s being done when generating rainbow tables is pre-running the calculations for brute-forcing the hash), thus the argument that by knowing the salt someone could “generate a rainbow table” is spurious.

There’s no real point in storing salts in a separate file as long as they’re on a per-user basis – the point of the salt is simply to make it so that one rainbow table can’t break every password in the DB.

More Related Contents:

  1. Non-random salt for password hashes
  2. How can I hash passwords in postgresql?
  3. Fundamental difference between Hashing and Encryption algorithms
  4. Is “double hashing” a password less secure than just hashing it once?
  5. Password hashing, salt and storage of hashed values
  6. Best Practices: Salting & peppering passwords?
  7. Why do salts make dictionary attacks ‘impossible’?
  8. What is the clash rate for md5? [closed]
  9. Do I need a “random salt” once per password or only once per database?
  10. Difference between Hashing a Password and Encrypting it
  11. Salt Generation and open source software
  12. JWT (JSON Web Token) automatic prolongation of expiration
  13. How does password salt help against a rainbow table attack?
  14. Salting Your Password: Best Practices? [closed]
  15. SHA512 vs. Blowfish and Bcrypt [closed]
  16. The necessity of hiding the salt for a hash
  17. Salt and hash a password in Python
  18. SPA best practices for authentication and session management
  19. What algorithm should I use to hash passwords into my database? [duplicate]
  20. How are software license keys generated?
  21. How to properly do private key management
  22. Symfony2 extending DefaultAuthenticationSuccessHandler
  23. md5 decoding. How they do it?
  24. What is the best Distributed Brute Force countermeasure? [closed]
  25. Should I hash the password before sending it to the server side?
  26. Why not use MD5 for password hashing?
  27. How to manually decrypt an ASP.NET Core Authentication cookie?
  28. Where is the PEM file format specified?
  29. Best practices for server-side handling of JWT tokens [closed]
  30. How to send password securely via HTTP using Javascript in absence of HTTPS?

Leave a Comment