Hello, I'm writing a paper on hashing incorporating the major topics of salting, slow algorithms, common attacks etc.
I understand that salting a value (for hashing) is primarily to prevent the use of pre-computed hash comparisons (rainbow tables) and have read many times that this is the only thing you get by salting.
However from the research I've done I don't see that this can be true - assuming it's done correctly salting adds randomness to a value, which also should make brute forcing more complex - the same for dictionary attacks because random characters have now been added to what would be found in a dictionary.
For example:
If the cleartext of my hash is : "Password"
This should be easily solved by bruteforce and dictionary attacks.
But if the cleartext is "Password+SomeLargeSalt"
This is more characters, includes (pseudo)randomness and won't be found in a dictionary.
And so is much harder to guess this value, and therefore more computationally expensive to crack it.
Am I missing something?
Thanks.
I understand that salting a value (for hashing) is primarily to prevent the use of pre-computed hash comparisons (rainbow tables) and have read many times that this is the only thing you get by salting.
However from the research I've done I don't see that this can be true - assuming it's done correctly salting adds randomness to a value, which also should make brute forcing more complex - the same for dictionary attacks because random characters have now been added to what would be found in a dictionary.
For example:
If the cleartext of my hash is : "Password"
This should be easily solved by bruteforce and dictionary attacks.
But if the cleartext is "Password+SomeLargeSalt"
This is more characters, includes (pseudo)randomness and won't be found in a dictionary.
And so is much harder to guess this value, and therefore more computationally expensive to crack it.
Am I missing something?
Thanks.