in reply to Too Convenient Security?

There is most definately a system where the salt is kept separate to the hash - secret key crypto(logy|graphy). What you are saying is completely reasonable, since you are forcing an attacker to check every salt rather than supplying him with the right salt.

Even if the secret key is compromised, you have reverted to the usual security level - the attacker knows the salt, just like in a password file.

It is true that using different salts forces the attacker to use a pre-hashed dictionary 255 times larger, but advances in storage will take care of that soon enough.

____________________
Jeremy
I didn't believe in evil until I dated it.

Replies are listed 'Best First'.
Re: Re: Too Convenient Security?
by n3dst4 (Scribe) on Jan 08, 2002 at 20:49 UTC
    That'd be a dictionary 281,000,000,000,000 times larger - md5crypt has a 48-bit salt.
[reply]

In Section Meditations