Crooks will have to make two successful guesses to crack two identical passwords, not one. It also stops attackers from using lists of pre-computed hashes, because they now need a hash lookup list for every possible salt.
Salting adds a unique secret to your password so that even if somebody else is using it you'll still have different hashes.
Newly revealed documents show that Open Whisper Systems (OWS) – maker of the encrypted chat app Signal – was secretly subpoenaed by the Feds earlier this year.
Besides its own chat app, OWS is the force behind the Signal Protocol, which powers the encryption built into WhatsApp, Facebook Messenger, and Google's Allo.
So, sure, Yahoo may have been using MD5 as the hashing algorithm at the heart of a salt, hash and stretch routine, and if they did, why not say so?
Would you use a phrase that’s already used to describe a popular but ineffective form of password storage to describe one that isn’t?