0

I believe that when adding a salt to the password you need to store the values so you can compute the hash again. But what happens if the attacker gets the salt?

How is it possible to add value or strength to the password if the salt is known by the attacker?

What am I missing?

kiBytes

2 Answers

2

The problem here is that the salt's mission isn't to be "secret"; its purpose is to be unique, so when an attacker "tries a password" with that known salt, he can only compare the generated pass with this one original hash, because all other passwords will have different hashes.

For example:

Consider not having a salt:

user1:hashpass1

user2:hashpass2

user3:hashpass3

user4:hashpass1

user5:hashpass5

As you can see, user1 and user4 use the very same password because the hashes generated are identical. So, when an attacker finds this, he can hash one common word, for example "rabbit", and then compare rabbit against the whole password hash database. He will also know that all the identical hashes have been generated with the very same password.

This is great for an attacker because he only needs to hash ONE time to compare the hash against the whole database.

On the other hand, consider the very same salted user table:

user1:salt1:salted1hashpass1

user2:salt2:salted2hashpass2

user3:salt3:salted3hashpass3

user4:salt4:salted4hashpass1

user5:salt5:salted5hashpass5

Now all the password hashes are different because of the salt; even user1 and user4, who used the very same password, have different hashes.

This is bad news for an attacker: he will need to compute the word rabbit with every single salt he finds in the database, so he will need a lot of time to do this. And this is the real value added by the salt.

kiBytes

1

The password salt is not secret.

Without salt, if two passwords are identical, the hashes will be identical too. It means if an attacker can find a password for one user, he will also be able to determine which users are using the same password by comparing the hashes. Moreover, when a lot of hashes are identical, it is reasonable to suppose it is a "popular" password, making this password a target for a dictionary attack.

With a good random salt (obviously each password must use a different random salt), all hashes are different, even if the passwords are identical. Therefore, if an attacker runs a dictionary attack on a password database, he will have to replay the same attack from the beginning for all passwords. It makes the attack much more expensive in terms of time and processing power.

Jcs
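
The two tables from the answers above, built and checked in code. This is an added example, not part of either answer; the account names, passwords, PBKDF2 parameters and helper names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; user1 and user4 share a password, as in the answer.
USERS = {"user1": "rabbit", "user2": "tiger", "user3": "zebra",
         "user4": "rabbit", "user5": "walrus"}
ITERATIONS = 1000  # assumption: kept low so the demo runs fast; real systems use far more

def unsalted_table(users):
    """user -> sha256(password): identical passwords give identical hashes."""
    return {u: hashlib.sha256(p.encode()).digest() for u, p in users.items()}

def salted_table(users):
    """user -> (salt, hash), with a fresh 16-byte random salt stored per user."""
    table = {}
    for u, p in users.items():
        salt = os.urandom(16)
        table[u] = (salt, hashlib.pbkdf2_hmac("sha256", p.encode(), salt, ITERATIONS))
    return table

def verify(table, user, password):
    """Login check: recompute with the stored, non-secret salt; constant-time compare."""
    salt, stored = table[user]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)

def shared_hash_groups(hashes):
    """Groups of users whose stored hash is identical (visible to anyone with the table)."""
    counts = Counter(hashes.values())
    return [sorted(u for u, h in hashes.items() if h == dup)
            for dup, n in counts.items() if n > 1]

def work_per_guess(salts):
    """Hash computations needed to test ONE candidate word against every account."""
    return len(set(salts))

if __name__ == "__main__":
    plain, salted = unsalted_table(USERS), salted_table(USERS)
    salted_hashes = {u: h for u, (_, h) in salted.items()}
    print("unsalted, users sharing a hash:", shared_hash_groups(plain))
    print("salted, users sharing a hash:  ", shared_hash_groups(salted_hashes))
    print("hashes per guess, unsalted:", work_per_guess([b""] * len(plain)))
    print("hashes per guess, salted:  ", work_per_guess(s for s, _ in salted.values()))
```

The salt sits in the table in the clear and `verify` still works; what changes is that the stored hashes no longer reveal shared passwords and one hash computation no longer covers every account.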