You're Probably Storing Passwords Incorrectly

@Tjerk

Salting passwords is not necessary

Given the information presented so far in this thread, you’re right. So far, salts have been discussed as a mechanism for making the password longer, as a way to defeat rainbow tables (and brute force, for that matter). In this perspective, salts buy you nothing that a longer passphrase wouldn’t buy (except possibly somewhat higher entropy).

The real reason for using salts is not as a password extender (that can be solved with longer passwords) - it is as a password mutator.

The reason that salts are used is that users reuse their passwords between systems. If I crack your password on one site (finding an input string that produces the same hash) I can now log in as you on all other sites that use the same hashing function and where you have used the same password. Unless, that is, the password has been salted differently on all those different sites. Then I could only log in to those other sites as you if I actually have your plain text password, which is not what I get by cracking a hashed password.

Thus, you could achieve the real purpose of having a salt by using the salt value to mutate the password in some way without even making it longer. You could even make the password shorter. The important part is that, even if I use the same password on all sites, my password will be mutated differently on all sites, so that someone who has found a string that results in my hash on one system won’t be able to reuse it on another system.

Of course, mutating the password so that it becomes shorter would have the negative side effect of making the password easier to crack, so that is obviously not the suggested approach. Correspondingly, if you mutate the password in such a way as to make it longer, you make it a little harder to crack as a bonus. But this is a bonus, and /not/ the primary reason salts are used.

I’ve just written a blog post trying to explain this difference and why, in my opinion, storing passwords in plain text should be illegal.

http://www.matshelander.com/wordpress/?p=73

/Mats
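The following is an added example, not code from Mats's post or from anyone else in this thread. It walks through the "salt as mutator" argument above with one password registered at two sites, first under a bare SHA-256 scheme and then under a per-record salted scheme (PBKDF2-HMAC-SHA256 is assumed here as the salted construction; the site names, the user's password and the attacker's wordlist are constructed for the demo). It shows that the unsalted scheme stores the identical value on both sites, so one precomputed table cracks every leaked database at once, while the salted scheme stores a different value on each site and forces the attacker to redo the work per salt.

```python
"""Per-site salting demo: the same password stored on two sites.

Constructed example; the sites, users and wordlist are made up.
"""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple

ITERATIONS = 100_000  # PBKDF2 work factor; production deployments tune this upward


def hash_unsalted(password: str) -> str:
    """Legacy scheme: a bare SHA-256 of the password. Every site that uses it
    stores the identical value for the identical password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_salted(password: str, salt: bytes) -> bytes:
    """Salted scheme: PBKDF2-HMAC-SHA256 keyed by a per-record random salt.
    The salt mutates the computation, so the stored value differs per site
    (and per user) even when the password is the same."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register_salted(password: str) -> Tuple[bytes, bytes]:
    """What a site stores at sign-up: (salt, hash). The salt is not secret."""
    salt = os.urandom(16)
    return salt, hash_salted(password, salt)


def verify_salted(password: str, salt: bytes, stored: bytes) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(hash_salted(password, salt), stored)


# Attacker side -------------------------------------------------------------

COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty", "hunter2"]  # constructed wordlist


def build_unsalted_table(words: Iterable[str]) -> Dict[str, str]:
    """Precompute hash -> password once. Against unsalted storage this single
    table cracks every leaked database, from every site, by dictionary lookup."""
    return {hash_unsalted(w): w for w in words}


def crack_unsalted(leaked_hash: str, table: Dict[str, str]) -> Optional[str]:
    return table.get(leaked_hash)


def crack_salted(leaked_salt: bytes, leaked_hash: bytes, words: Iterable[str]) -> Optional[str]:
    """No precomputed table applies: the attacker must rerun the KDF for every
    candidate against this specific salt, and start over for the next record."""
    for w in words:
        if hmac.compare_digest(hash_salted(w, leaked_salt), leaked_hash):
            return w
    return None


def demo(password: str = "hunter2") -> dict:
    """Same password registered at two sites under both schemes; returns what
    each scheme leaks and how far the attacker's precomputation reaches."""
    unsalted_a, unsalted_b = hash_unsalted(password), hash_unsalted(password)
    salt_a, salted_a = register_salted(password)
    salt_b, salted_b = register_salted(password)
    table = build_unsalted_table(COMMON_PASSWORDS)
    return {
        "unsalted_identical_across_sites": unsalted_a == unsalted_b,
        "salted_identical_across_sites": salted_a == salted_b,
        "table_cracks_unsalted": crack_unsalted(unsalted_a, table),
        "table_cracks_salted": table.get(salted_a.hex()),  # misses: no entry for the mutated value
        "per_salt_attack_on_a": crack_salted(salt_a, salted_a, COMMON_PASSWORDS),
        "login_at_a_with_password": verify_salted(password, salt_a, salted_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that `crack_salted` still recovers a weak password such as "hunter2"; the salt only removes the attacker's ability to precompute once and reuse the result across records and sites. That is consistent with the post's point that a salt is a mutator, not a substitute for a strong password.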