How should I store a password salt?

Question

Using PHP, I am encoding passwords using the hmac function with the sha256 algorithm. What I'm not sure about is how to properly store the salt.

The whole point of hashing a password is in case a hacker gets access to the database. If I store the salt in the db within the same row as the hashed password, isn't it just like I am handing the hacker the "secret code"? I am putting up a door with a lock, and handing the intruder the key.

Can anyone please explain to me how they come about storing their salt?

Answer 1

Putting the salt into the hands of an attacker who has stolen your database isn't actually a problem. Combining the salt with the original password into the password hash protects against the attacker using "rainbow tables" of millions of known and well-known password hashes to obtain the passwords of some of the stolen user ids.

Having hashed the password and salt together makes it many orders of magnitude more difficult to crack even a single password, on the basis that the salt invalidates the password hashes known in the rainbow table. So even if the salt is known by the attacker for each of your users, this means that in order to crack any single user, the attacker must compute a whole new rainbow table just for that user alone, which combines the user's salt with the rest of the passwords known in the rainbow table they started with.

Salting the password does not make it impossible to crack a password, but far more difficult. An attacker could, for example, target a small subset of your users with the hash and salt in hand, and that's another reason to encourage strong passwords which are less likely to appear in a rainbow table.