I think I will get the academic side of this forum rolling.
In reading the chapters for assignment 1, and coming across the encryption section (specifically the password section), I find the text incomplete.
It mentions that encrypted passwords are relatively secure, with one-way encryptions being more secure, and goes on to say some systems don't even
restrict access to the encrypted password file. While the text mentioned that it was a better idea to restrict access to this file, it did not say why, but mentioned
that it would be difficult to decrypt the hashes even if they did become available to someone.
I felt this was not 100% honest, and that the text should have mentioned the existence of rainbow tables, which are massive lists of pre-unencrypted hashes. A list of
hashed passwords can easily be compared to a rainbow table to find matches, and can be done in no time at all. Even worse, I found that there is no mention of rainbow
tables in the entire textbook.
The use of salt helps to guard against the use of rainbow tables (provided the encryption is one-way).
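The point raised in the post above, as an added example that is not part of the original post: the same precomputed table matches every account in an unsalted hash file, and matches nothing once each record has its own salt. The candidate list, the accounts, unsalted SHA-256 and salted PBKDF2 are assumptions chosen for illustration, and a plain lookup dictionary stands in for a rainbow table (real rainbow tables use hash chains to save space, but are used the same way).

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the post): guesses and stored accounts.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "dragon"]
USERS = {"alice": "letmein", "bob": "password", "carol": "letmein"}

def unsalted_hash(password):
    # Assumed legacy scheme: one fast hash, no salt.
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt):
    # Assumed hardened scheme: PBKDF2-HMAC-SHA256 with a per-user salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def build_lookup(candidates):
    # Precompute hash -> password once; reusable against any unsalted file.
    return {unsalted_hash(p): p for p in candidates}

def matches(stored, lookup):
    # stored maps user -> hex digest; return users whose digest is in the table.
    return {user: lookup[d] for user, d in stored.items() if d in lookup}

def store_unsalted(users):
    return {u: unsalted_hash(p) for u, p in users.items()}

def store_salted(users):
    # Each record keeps its own random 16-byte salt next to the digest.
    records = {}
    for u, p in users.items():
        salt = os.urandom(16)
        records[u] = (salt, salted_hash(p, salt))
    return records

def verify(password, record):
    # Legitimate login check: recompute with the stored salt, compare safely.
    salt, digest = record
    return hmac.compare_digest(salted_hash(password, salt), digest)

if __name__ == "__main__":
    table = build_lookup(CANDIDATES)
    salted = store_salted(USERS)
    print("unsalted file:", matches(store_unsalted(USERS), table))
    print("salted file:  ", matches({u: d for u, (_, d) in salted.items()}, table))
```

With salts, alice and carol share a password but store different digests, so a table would have to be rebuilt per record rather than once for the whole file.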