One means of authentication includes the use of a password on computer systems. For example, on UNIX-type systems, the password for a user account is stored in a hashed form on the computer or at an authentication server. To make it harder for an attacker who has access to the hashed password to perform a brute force attack and potentially gain knowledge of several different systems at once, the stored password is augmented with a small random value specific to a system, also known as a “salt” before the password is hashed. The salt value and the hashed password are then stored in association with other account properties.
Since the salt value is randomly generated, only someone who already has access to the hashed password and salt value can compute what a hashed password value should be. This means that the unhashed password has to be passed to the authentication process in clear text form so that the authentication process can perform the hash and compare it to a stored hashed password. Thus, the password must only be sent over a secure connection or the password can be stolen by an eavesdropper.
Similarly, many secure communication protocols require that two communicating programs or computers have a shared secret or a shared master secret, which is either directly or indirectly utilized to encrypt data between the two communicating programs or computers. The secure communication protocols can only decrypt messages where the shared secret is known. The shared secret cannot be provided to each communicating program or computer in the clear or an eavesdropper would be able to intercept the shared secret and use it to decrypt the communications between the programs or computers.