If it's removable, you can take it with you, I've no idea why you would leave it in the car.
Yeah, but then you have to lug an iPad around everywhere you go. It's not like it will fit in your pocket.
Conversely, regular car stereos, not designed to be taken with you when you get out of the car are (or were) notoriously easy to steal. I imagine the same would be true of an aftermarket car computer or DIY car computer.
I think this is still true of aftermarket car stereos though they usually have removable faceplates that you can store in the glovebox (or take with you, but then you have the same problem as the iPad of lugging it around everywhere). If the car computer is integrated in the dash, then you would have to take the dash apart or really slash it up to get at the computer (not that this is hard, but I don't think it's a simple smash and grab). If it's just a laptop sitting under a seat with an LCD in the dash, then yeah you're right.
In a system that correctly applies the salt, your new input will not generate the same hash. i.e., User sets Password, Password is hashed with the salt (e.g., passwordHash = hash(salt+password) ) You discover the resultant hash, You find a collision that produces the same hash ( hash(collisionValue) == passwordHash ) You then try to use this collisionValue to gain access to the system, but because of the use of a salt the system will take your collisionValue and add the salt, this will produce a completely different resultant hash and will not match the stored password hash.
hash(salt+collisionValue) != passwordHash.
Unless you know of a side-channel attack, or have access to enough hashes where you already know the password in order to determine the salt (or format of the salt for a roaming salt) then your collision is not effective.
Okay, so salt is more useful than I thought. For some reason I was thinking collision == access, but you're right that no one allows you to provide just the hash as that would be stupid (and pretty much defeat the purpose of hashing the password) and, as you state, if the stored hash is generated (and therefore authenticated) with salt, then your collision value won't give you access.
A well written explanation, thank you.
the technology for a communication device would be vastly different
So why's she talking on a fairly large, conspicuous headset and not a small hidden device?
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn