tags:

views:

403

answers:

2
Q: 

Password Salt: Additional Best Practices

Like most programmers, I am not an expert on cryptography but I understand the basics. However, a little knowledge can be a dangerous thing, as noted in Jeff's blog post. With that in mind, I understand the purpose of a salt value but I need a little help understanding how to use salt values.

I've read in the other posts on this subject that it is best to use a random salt value for each password to be encrypted. If this is the case, how do I reproduce that random salt value when I attempt to authenticate a user? In this scenario I would encrypt the plaintext password supplied by the user, encrypt it, and compare it to what is stored in the database. Do I store the random salt value on the user record along with the encrypted password when the password is created? Does this then make the salt value useless if a hacker has the complete user record?

+1  A: 

I usually store my salts in the same table as the user data - if a hacker gets direct access to your db they will crack your passwords anyway, a salt is only a method for delaying it. It will somewhat prevent them from using rainbow tables.

Torandi  2009-08-02 21:51:59
Large enough salts make rainbow tables completely irrelevant, forcing a brute force search for each password. Also, if a hacker gets direct access to your DB, you've got bigger problems, IMO.
jkf  2009-08-03 15:23:46
+4  A: 

The primary purpose of a salt is to prevent the usage of rainbow tables when cracking password hashes - without the usage of a salt, one could simply use a pre-generated reverse-lookup table to find the hash and immediately know what password likely generated it.

With a salt, the rainbow table approach is defeated because the mapping of hashes to passwords is completely different for that particular salt - and thus one would have to generate rainbow tables individually for every salt value (and the time it takes to generate rainbow tables is proportional to the time it would take to brute force the hash without the assistance of the rainbow table in the first place).

Since the salt serves its purpose in not allowing the usage of a pre-generated rainbow table regardless of whether the attacker knows the specific salt for a given user's entry or not, there's no real reason to store it separately, as long as you're using unique salts for each entry.

Amber  2009-08-02 21:52:22

related questions

Is there a standard implementation for Electronic Signatures on fill-in-form web applications?
Best way to handle block ciphers in C++? (Crypto++)
What is the best replacement for Windows' rand_s in Linux/POSIX?
Combination of more than one crypto algorithm
Encryption output always different even with same key
What techniques do you use when writing your own cryptography methods?
Optimize y = x*x in Galois field arithmetic
Best way to prevent duplicate use of credit cards
Enumerating Certificate Fields in C#
I'm using Wincrypt for Diffie-Hellman-- can I export the shared secret in plain text?
Cryptography algorithm
I have P & G-- how do I use the Wincrypt API to generate a Diffie-Hellman keypair?
Good primers on Cryptography
Should I use an initialization vector (IV) along with my encryption?
How do I hash a string with Delphi?
Inter-convertability of asymmetric key containers (eg: X.509, PGP, OpenSSH)
How to implement password protection for individual files?
Is Bouncy Castle API Thread Safe ?
128 bit data encryption using Java
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
App.config connection string Protection error
Is there a best .NET algorithm for credit card encryption?
How to encrypt one message for multiple recipients?
How can I generate a unique, small, random, and user-friendly key?
Why is an s-box input longer than its output?