On Oct 30, 2007 6:24 AM, [EMAIL PROTECTED] wrote:
So back in the bad old days when hashing was DES encryption of the
zero vector with a fixed key, someone came up with salt as a password
I'm not quite sure why it was called salt.
It perturbed the S-boxes in DES IIRC, but essentially it was a known
bit of text that was an input to the algorithm that varied between
entries, like an IV does with encryption.
If there isn't already a term for this, I'm going to call this
general concept individuation, or possibly uniquification.
Nowadays with strong hash algorithms, but rainbow tables and
low-entropy passwords as the threat, I'm wondering what the best
I was thinking of simply prepending a block of text to each passphrase
prior to hashing, and storing it with the hash - similar to salts in
well what you're describing is quite classically a salt, imho.
It should have at least as much entropy as the hash output, maybe a
little more in case there's collisions. If it were uniformly random,
you could simply XOR it with the passphrase prior to hashing and save
yourself some cycles, right?
well no. i mean to xor it (or probably what you mean: to otp it)
you'll need to have a salt who's length is equal to the input. that
would then mean that short inputs would result in short salts. i.e. a
password of a may result in the salt of x. hash(a ^ x) is
hardly secure against a rainbow table.
so you're better off maintaining the salt in a separate location
(after all, the threat model is that someone takes the db and has a
list of all the hashes, and then calculates out the passwords) and
still prepend it on before the main passphase.
you may consider, however, that if this salt is as long as one block
of the input to the hash algorithm, it effectively becomes a new iv.
but what that has to do with anything; i don't know ...
Would it be appropriate to call this salt, an IV, or some new term?
Life would be so much easier if it was open-source.
URL:http://www.subspacefield.org/~travis/ Eff the ineffable!
For a good time on my UBE blacklist, email [EMAIL PROTECTED]
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]