Salts were intended to make password cracking far more difficult, so a hacker couldn't just encrypt a dictionary once and then compare it to every list of encrypted passwords he came across in his hacking intrusions. The 4096 salts mean that a hacker would have to use 4096 different dictionaries—each encrypted with a different salt—to discover any dictionary word passwords.
On any one system penetrated by Electron, there might be only 25 users, and therefore only 25 passwords, most likely using 25 different salts. Since the salt characters were stored immediately before the encrypted password, he could easily see which salt was being used for a particular password. He would therefore only have to encrypt a dictionary 25 different times.
Still, even encrypting a large dictionary 25 times using different salts took up too much hard-drive space for a basic home computer. And that was just the dictionary. The most sophisticated cracking programs also produced `intelligent guesses' of passwords. For example, the program might take the user's name and try it in both upper- and lower-case letters. It might also add a `1' at the end. In short, the program would create new guesses by permutating, shuffling, reversing and recombining basic information such as a user's name into new `words'.
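The salt arithmetic described above, as an added example that is not part of the original text: it reads the two leading salt characters from each entry of a password file and compares the hashing work needed for that one file with the work needed to cover all 4096 salts. The `toy_crypt` helper, the SHA-256 stand-in for the real hash, the 2 + 11 character entry layout and the sample accounts are assumptions made for illustration.

```python
import base64
import hashlib
from collections import defaultdict

SALT_SPACE = 64 ** 2  # two salt characters from a 64-symbol alphabet = 4096


def toy_crypt(salt: str, password: str) -> str:
    """Stand-in for the era's crypt(): SHA-256 here, NOT the real algorithm.
    Keeps the layout the text describes: salt first, then the hashed password."""
    digest = hashlib.sha256((salt + password).encode()).digest()
    return salt + base64.b64encode(digest).decode()[:11]


def split_entry(entry: str) -> tuple[str, str]:
    """Separate the two leading salt characters from the hash that follows."""
    if len(entry) != 13:
        raise ValueError("expected 2 salt chars + 11 hash chars")
    return entry[:2], entry[2:]


def salt_report(entries: dict[str, str], dictionary_size: int) -> dict:
    """Summarise how much protection the salts in one password file provide."""
    by_salt = defaultdict(list)
    for user, entry in entries.items():
        salt, _ = split_entry(entry)
        by_salt[salt].append(user)
    return {
        "distinct_salts": len(by_salt),
        # Accounts sharing a salt get no extra protection from each other.
        "shared_salts": {s: sorted(u) for s, u in by_salt.items() if len(u) > 1},
        # One dictionary pass per salt actually present in the file.
        "hashes_for_this_file": len(by_salt) * dictionary_size,
        # Cost of precomputing the dictionary under every possible salt.
        "hashes_for_every_salt": SALT_SPACE * dictionary_size,
    }


# Constructed sample file: three accounts, two of which happen to share a salt.
SAMPLE = {
    "alice": toy_crypt("aB", "cocoa"),
    "bob": toy_crypt("x9", "cocoa"),
    "carol": toy_crypt("aB", "cabal"),
}

if __name__ == "__main__":
    print(salt_report(SAMPLE, dictionary_size=24000))
```

The same password under two salts produces two unrelated entries, which is what defeats a single precomputed dictionary; the report also shows why a 4096-value salt space adds little once an intruder only needs the salts present in one small file.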
`It's 24000 words. Too damn big,' Electron said. Paring down a dictionary was a game of trade-offs. The fewer words in a cracking dictionary, the less time it was likely to take a computer to break the encrypted passwords. A smaller dictionary, however, also meant fewer guesses and so a reduced chance of cracking the password of any given account.
`Hmm. Mine's 24328. We better pare it down together.'
`Yeah. OK. Pick a letter.'
`C. Let's start with the Cs.'
`Why C?'
`C. For my grandmother's cat, Cocoa.'
`Yeah. OK. Here goes. Cab, Cabal. Cabala. Cabbala.' Electron paused.
`What the fuck is a Cabbala?'