The salt string is added to a password hash to make it harder to detect identical passwords. Under the original Unix crypt (using DES), the salt was two characters, giving 4096 possible salts. This meant that two users with the same password would NOT have the same password hash (unless, by pure chance, they got the same salt). It's basically just there to avoid precomputed dictionary attacks and to make passwords hashable in multiple ways. MD5 passwords have an 8 character salt, which gives about 2.8 * 10^14 salts (which is, in itself, cryptographically huge).
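To put numbers on the salt sizes above, here is an added example (not part of the original text). It uses SHA-256 over salt + password as a stand-in for the real DES and MD5 crypt algorithms, and all function names are illustrative. It shows a precomputed table missing a salted hash, the table growth needed to cover every 2-character salt, and how likely the "pure chance" shared salt is for each salt length.

```python
import hashlib
import itertools
import math

# The 64-character alphabet crypt(3) draws salt characters from.
SALT_CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def salt_space(length):
    """Number of distinct salts of the given length."""
    return len(SALT_CHARS) ** length

def toy_hash(password, salt=""):
    """Stand-in for crypt: SHA-256 over salt + password (assumption, not DES/MD5 crypt)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()

def precompute(wordlist, salts=("",)):
    """Lookup table hash -> word; it needs one entry per (salt, word) pair."""
    return {toy_hash(w, s): w for s in salts for w in wordlist}

def all_salts(length):
    """Every possible salt of the given length."""
    return ("".join(c) for c in itertools.product(SALT_CHARS, repeat=length))

def shared_salt_probability(users, length):
    """Chance that at least two of `users` randomly salted accounts share a salt."""
    n = salt_space(length)
    if users > n:
        return 1.0
    # Sum logs of (1 - i/n) so tiny probabilities keep their precision.
    log_all_unique = sum(math.log1p(-i / n) for i in range(users))
    return -math.expm1(log_all_unique)

if __name__ == "__main__":
    words = ["letmein", "password", "hunter2"]  # constructed sample wordlist
    table = precompute(words)                   # table built without any salt
    print("unsalted hash found:", table.get(toy_hash("hunter2")))
    print("salted hash found:  ", table.get(toy_hash("hunter2", "ab")))
    print("same password, two salts differ:",
          toy_hash("hunter2", "ab") != toy_hash("hunter2", "cd"))
    full = precompute(words, all_salts(2))
    print("table entries to cover every 2-char salt:", len(full))
    for length in (2, 8):
        print(length, "chars:", salt_space(length), "salts;",
              "P(shared salt among 76 users) =",
              round(shared_salt_probability(76, length), 6))
```

With only 4096 salts, a shared salt becomes more likely than not at 76 accounts, so the 2-character salt stops hiding identical passwords on even a modest system.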