[Evans] So with a salted password scheme what we'll store in the password file,
we'll have the users, we'll have an extra column that we'll call the salt,
and then we'll store the encrypted password.
What the salt is is random bits. They don't need to be kept secret.
For the UNIX scheme there were 12 random bits.
And they're different for each user.
That's why they're stored in the table.
So for user Alice let's say we have the salt 011010001111,
which is an apparently random sequence.
What we'll store as the encrypted password is the result of hashing the salt
concatenated with Alice's password.
And there are different ways of doing this.
Some hash functions can be modified to behave differently based on another parameter.
But if it's a simple hash function that just takes an input,
we can make the input the salt concatenated with the password.
And then for Bob we'll do the same thing, but we'll have a different sequence of random bits.
And so here what we're storing is the result of hashing Bob's salt,
which is this selection of random bits, concatenated with Bob's password.
This means as long as the salts are different, even if the passwords are the same,
the encrypted passwords will be different.
And this is very similar to what standard UNIX systems did
where H is actually using DES encryption 25 times
using the salt to modify how the encryption happens
and the password as the key and the initial input as 0.
So to see if you understand the impact of salting, I have 2 quizzes.
The question is, how much harder does adding salt make it
for an attacker who compromises a password file
who just wants to learn Alice's password?
The possible answers are not much harder at all;
about twice as hard as it would be without the salt;
and about 2 to the 12, which is 4096, times harder than it would be without the salt.
