Cryptographic salt on a per user basis prevents attacks by rainbow tables which may otherwise crack all passwords (of a particular digest scheme) up to a certain length altogether. Hence the passwords must be attacked individually e.g. by brute-force or dictionary methods. Cryptographic hash functions like SHA-256 which are used in digital signature schemes must calculate message digests of potentially large documents in reasonable time to be of practical use. Unfortunately this property makes them more vulnerable to brute-force attacks. Adversaries may use specialized hardware (such as GPUs or FPGAs) to further facilitate brute-force attacks on individual passwords.

Key stretching is a technique which can be applied to slow down brute-force attacks. PBKDF2 defines such a scheme and can be used in combination with a cryptographic hash function.

Other alternatives are bcrypt which is used in BSD Unix systems and scrypt which has been published recently. scrypt has been specifically designed to counter custom hardware attacks.