Salt (cryptography)

The salt value may, or may not, be protected as a secret. In either case, the additional salt data makes it more difficult to conduct a dictionary attack against, for example, a password file using pre-encryption of dictionary entries. Each bit of salt used doubles the amount of storage and computation required.

In some protocols, the salt is transmitted as cleartext with the encrypted data, sometimes along with the number of iterations used in generating the key (for key strengthening). Cryptographic protocols which use salts include SSL and CipherSaber. Early Unix systems used a 12-bit salt, but modern implementations use larger values.

Salt is very closely related to the concept of a nonce.

WHY SALT PASSWORD HASHES? A UNIX EXAMPLE

In the classic Unix passwd file, passwords are stored as a hash with a two-character salt prepended. The passwd file is readable by all users of the system. It must be readable so that software tools running with user privileges can find user names and other information. The security of the passwords is therefore protected only by the obscuring function (enciphering or hashing) applied to them.

The modern shadow password system, in which password hashes and other security information are stored in a non-public file, somewhat mitigates these concerns. However, they remain relevant in multi-server installations which use centralized password management systems to "push" passwords or password hashes to multiple systems. In such installations, the "root" account on each individual system may be treated as less "trusted" than the administrators of the centralized password system, so it remains worthwhile to ensure that the security of the password hashing algorithm, including the generation of unique "salt" values, is adequate.

Salts also help protect against rainbow tables as they, in effect, extend the length and potentially the complexity of the password. If the rainbow tables do not have passwords matching the length (e.g. an 8-byte password and a 2-byte salt is effectively a 10-byte password) and complexity (a non-alphanumeric salt increases the complexity of strictly alphanumeric passwords) of the salted password, then the password will not be found. If found, one will have to remove the salt from the password before it can be used.

Salts also make dictionary attacks and brute-force attacks for cracking a large number of passwords much slower. Without salts, an attacker who is cracking many passwords at the same time only needs to hash each password guess once and compare it to all the hashes. With salts, however, all the passwords will likely have different salts, so each guess must be hashed separately for each salt, which is much slower since hashing is usually very computationally expensive.

Another (lesser) benefit of a salt is as follows: two users might choose the same string as their password. Without a salt, this password would be stored as the same hash string in the password file. This would disclose the fact that the two users have the same password, allowing each user to access the other's account. By salting the password hashes with two random characters, even if two users choose the same password, they cannot discover that they have done so by reading the passwd file.
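
The two effects described above (identical passwords becoming visible in an unsalted file, and the number of hash computations a word-list check needs with and without per-user salts) can be measured directly. This is an added example, not part of the original article; the use of PBKDF2-HMAC-SHA256, the iteration count, the record layout, the account names and the word list are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 1000  # assumed demo value, kept low so the example runs quickly

def kdf(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def make_record(user: str, password: str, salt_len: int = 16) -> dict:
    # salt_len=0 models an unsalted password file (every record has salt b"")
    salt = os.urandom(salt_len)
    return {"user": user, "salt": salt, "iterations": ITERATIONS,
            "hash": kdf(password, salt)}

def verify(record: dict, password: str) -> bool:
    # Salt and iteration count are stored in the clear next to the hash.
    candidate = kdf(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])

def shared_hashes(records: list) -> list:
    """Groups of users whose stored hash is identical, as any reader can see."""
    groups = defaultdict(list)
    for r in records:
        groups[r["hash"]].append(r["user"])
    return [sorted(users) for users in groups.values() if len(users) > 1]

def hashes_per_wordlist_pass(records: list, wordlist: list) -> int:
    """Count the KDF calls needed to test each word against every record.
    A result computed for one salt is reused for all records with that salt."""
    cache = {}
    for r in records:
        for word in wordlist:
            key = (r["salt"], r["iterations"], word)
            if key not in cache:
                cache[key] = kdf(word, r["salt"], r["iterations"])
    return len(cache)

# Constructed sample data: two of the three accounts chose the same password.
ACCOUNTS = [("alice", "correct horse"), ("bob", "correct horse"),
            ("carol", "tr0ub4dor")]
WORDLIST = ["123456", "letmein", "correct horse", "qwerty"]  # constructed

unsalted = [make_record(u, p, salt_len=0) for u, p in ACCOUNTS]
salted = [make_record(u, p) for u, p in ACCOUNTS]

if __name__ == "__main__":
    for name, recs in (("unsalted", unsalted), ("salted", salted)):
        print(name, shared_hashes(recs), hashes_per_wordlist_pass(recs, WORDLIST))
```

With the unsalted records one pass costs one computation per word, whatever the number of accounts; with unique salts the cost is multiplied by the number of accounts.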