+1  A: 

Apart from rainbow tables there are also bruteforce tools to resolve a hash. This doesn't prevent unsalted hashes from being resolved. It only takes a longer as stronger the password is. Salting would certainly still make sense.

BalusC
i'm confused as to what your answer is exactly. are you saying that the salt helps simply as it adds to length, and therefor processing time for a bruteforce crack? but a strong password is already sufficiently lengthy to ensure virtually complete security from a brute attack
Nona Urbiz
No, without a known salt you cannot resolve the actual password, regardless of the strongness of the password.
BalusC
but in essence, doesn't the salt just become part of the password?
Nona Urbiz
The presence of salt means I can't reuse the results I generated while bruteforcing one server to bruteforce another - I have to start over again from scratch for each target. Also, I need to know the salt in order to be able to find a plaintext collision, although generally if the hashed salted password is available to me, the salt also is.
moonshadow
i mentioned in my op that cross system security is irrelevant in this theoretical discussion
Nona Urbiz
It's not irrelevant, or at least is not made so by the reasons you cite. The question is whether the attack is a class break or not - whether the cost of an attack is to be paid per target or per hash algorithm; this is true regardless of whether the user reuses the passwords or not.
moonshadow
+7  A: 

If you can guarantee that all users will never reuse passwords, and that none of their passwords will ever be of a form that it is computationally feasible to precalculate colliding hashes for, then indeed the salt is little additional benefit.

However, the salt is also of little additional cost; while these premises are very hard indeed to guarantee, and the cost of being wrong about them is high. Keep the salt.

moonshadow
+1  A: 

This feels like you want to make an assumption, then base your security on that assumption. When you assumption becomes bad, for whatever reason, then your security becomes bad.

So how might your assumption (that strong passwords don't need salting) become invalid?

1) Over time, larger, more comprehensive rainbow tables are generated. This is something I would worry about if it is up to your user to choose a strong password. They might think they have done a good job, and you and your safety checking might think they have done a good job too, but later it turns out their thought process creating the password was easily duplicated by stringing a few words and numbers together.

2) If users cannot choose their password, your strong password generation process might, due to bug or whatever, turn out to be not as strong as you want.

3) Your user might be too lazy to come up with a site-unique/strong password! This is surely the most important problem. Do you really want to generate a system which is usable only by cryptographic experts? :)

Tim Lovell-Smith
+1  A: 

Rainbow tables are most definitely not restricted to dictionary passwords or the like. Most tend to include every character combination up to some max length - after all, it's a one time cost for generation. Do your users all use 12+ character passwords? Unlikely.

Dav on a Plane