[eluser]Chad Fulton[/eluser]
Quote:The per-user salt is a bad idea. I’ll try to explain why through scenarios:
1. Attacker doesn’t have code or database access: Attacker can’t use a rainbow table with either site-wide or per-user salt. Guessing the password is the only option.
2. Attacker has code and database: No difference using per-user salt or site-wide salt.
3. Attacker has code, therefore he has the database credentials. See #2.
4. Attacker has database, but not code: Attacker can’t create a rainbow table unless he can guess how the salt is applied. That would be easy to do though if per-user salts were stored in the database, since as soon as the correct algorithm for applying the salt were guessed, the rainbow table would be revealed. So, site-wide salt could be combined with the per-user salt, but using just a site-wide salt alone would be just as secure since a rainbow table can’t be created if you don’t know the site-wide salt - see #1. So a per-user salt when combined with a site-wide salt is useless and just adds overhead.
I think you may need to rethink your thoughts on #2 and #3. As people above have mentioned, if you have the code and the database, and the passwords have hashed in some way, then your only solution to retrieving the original passwords is to create a rainbow table. There are three cases:
1. A standard hash has been used (md5, sha, etc), in which case you can just use an existing rainbow table.
2. A standard hash has been used with a site-wide salt, in which case you need to make a
single rainbow table using that salt
3. A standard hash has been used with a per-user salt, in which case you need to make
one rainbow table per user using their specific salt
So, as you can see, it definitely makes a difference whether you use a per-user or site-wide salt.
-----------------------
However, here's my general thought on this security issue:
1. There is not much overhead, and some additional security added, by adding a salt (either per-user or site-wide), so why not use it?
2. People like to make a big fuss about salts, etc. the fact is that a sufficiently determined attacker will be able to do something to get the passwords he wants if he gets your database and code. Probably better to make sure that doesn't happen then to do something complex and difficult with the password hashing mechanism.
3. It's probably better to start off more secure (i.e. per-user salt) rather than less (i.e. just hashing) because you won't be able to easily change it down the road.