hmm, I will talk again about general cases, but it gives nice ideas...

the point about security is physical access...
do you have a problem with physical access to the disk? for example, if
you put your data in a datacenter, you never know who is changing your
hardware or what happens to the hardware disks... at least I don't see
anyone putting webcams outside the server and recording everything that
happens outside the server...
in this case you should check that the datacenter admin can copy your disk
and do what he/she wants... (he/she has physical access to it, and yes
he/she CAN do this, ok maybe it's illegal, but whatever... he/she can do it)

when someone has a file, for example 10MB, encrypted, he/she will try data
dictionary and brute force attacks; probably he/she will load the file into
memory and send it to many computers to decode this file... 10MB in memory
is something very small; run memtest86+ on your computer... you will see
more than 2GB/s of memory access speed... with many computers 10MB could be
close to 1 byte (talking about read speed and decode speed)... well, just to
explain the relative size when using many computers, not true values...

well, you can't do anything; with time he/she will get the file... the only
solution is legal... but he/she can send your files over the internet and
anyone could get them...

but... you have some alternatives... make the attacker's job harder.
one nice feature is a "pseudo cryptography" called steganography: instead of
cryptography, where attackers know that a file is encrypted, you 'give' a
file that any user could see (for example an image or music or a video)
and add your information to that file like a watermark... I haven't
searched for filesystem tools (for example using LUFS) to steganograph
files online... but it's a nice feature for high security systems... the
attacker will think that he/she has the file, and he/she does have the file,
but will think that the information is an image, while the information is
the watermark in the image... it's very very nice for security since the
intelligence of the attacker is to get a well-known file format, and not
specific information; the specific information is only searched for if the
attacker really knows that you have important information and the kind of
information (for example instead of finding a file, he/she will try to find
text, and know that it is possible to have steganography software running in
your filesystem), but again... with time the attacker can get the
information...

well, getting back to plain salt... yes, it's not as secure as a non-blank
salt. I will talk about my idea of statistics in this case, not as a
probability model... maybe the attacker could use your salt the first
time... maybe not... the salt must be something that you probably will not
use and the attacker will not think of (or calculate) too soon; again, with
time he/she can calculate it... but you should do your best to make it too
hard to calculate or to think that it could be used. the blank salt is
something that everybody will try first (at least me... I will try blank,
1234, 12345, 1234567, 9999, 8888 ... and other number combinations)

well, when someone steals your data you can't do anything; the best method
is physical protection, burn your disk for example like 007 james bond :)


again, I don't know if I solved your question, just some ideas about
increasing security...

if you really want to know if your system is secure, the most interesting
thing you could do is get to know some underground group and tell them to
unlock your information; there are some companies that do this job too, but
the underground world is nice and many times free =]

good luck :)
