What exactly does password hashing and salting protect against?
#26

Rick Jolly
[quote author="wowdezign" date="1263003348"]
So the user-specific salt is effective against a "Cracker" that has one goal in mind, to get all the results. And the common operation on the salt (or site wide salt) thwarts the efforts of the "Script Kiddie" that just wants to get anything he or she can.[/quote]
I wouldn't say per-user salt "thwarts" any type of cracker. It just increases time linearly. If time is a few seconds per user, then you might as well have one salt. That was my point in response to Chad.

Now, you could slow down the hashing which might make a per-user salt more compelling. A single md5(salt + password) is too fast. But even a slow algorithm won't slow a cracker if the required dictionary is small. I'm convinced the only method to foil a cracker worth mentioning is to enforce complex passwords.
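
An added example, not part of the post above or of the thread: it puts the `md5(salt + password)` scheme the post calls too fast beside a per-user salt combined with a slow key-derivation function, and measures the cost of one hash under each. The PBKDF2 choice, the iteration count, the user names and the sample password are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to your hardware


def fast_md5(salt: bytes, password: str) -> str:
    """The md5(salt + password) scheme from the post: one cheap hash."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def slow_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(slow_hash(password, salt)[1], stored)


def seconds_per_hash(fn, rounds: int) -> float:
    """Average wall-clock cost of one call to fn."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds


def demo() -> dict:
    site_salt = b"constructed-site-salt"  # constructed value
    # Constructed sample: two users who picked the same password.
    shared = [fast_md5(site_salt, "sunshine1") for _ in ("alice", "bob")]
    per_user = [slow_hash("sunshine1") for _ in ("alice", "bob")]
    return {
        # One site-wide salt: equal passwords give equal digests for every user.
        "site_salt_digests_match": shared[0] == shared[1],
        # Per-user salts: the same password has to be hashed again for each user.
        "per_user_digests_match": per_user[0][1] == per_user[1][1],
        "md5_s": seconds_per_hash(lambda: fast_md5(site_salt, "sunshine1"), 2000),
        "pbkdf2_s": seconds_per_hash(lambda: slow_hash("sunshine1", b"\x00" * 16), 3),
    }


if __name__ == "__main__":
    print(demo())
```

The two timing values give the per-guess cost under each scheme; multiplying by the number of users shows the linear factor a per-user salt adds.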

