PKCS#5 Salt privacy?

In the official documentation of the PKCS5 V2.0 standard, we can rea开发者_如何学编程d "The salt can be viewed as an index into a large set of keys derived from the password, and need not be kept secret."

The part "need not be kept secret" is interesting.

Since the salt is used to add a huge range of password possibilities (or to create two different keys if two users had the same password), what is the purpose of letting the salt insecure?

I understand that typically, an attacker wont have access to the salt, so it will complicates his job to find the right password. But if an attacker knows the salt, where is the "magic"? Knowing the salt is like perform a traditional dictionary attack (if we exclude the iteration count)!

Is there something that I dont understand? I know that knowing the salt dont break the security but, saying that it "need not be kept secret" sounds strange to me.

---

The rest of the paragraph (in the standard) seems to explain it:

... Although it may be possible for an opponent to construct a table of possible passwords (a so-called “dictionary attack”), constructing a table of possible keys will be difficult, since there will be many possible keys for each password. An opponent will thus be limited to searching through passwords separately for each salt.

The point is that you can't just take a list of passwords (let's say 77 million passwords) and run them through the same tables. You will need to build a separate table for each password + salt.