What does 'salt' refer to in string-to-key (s2k) specifier?

It appears to be a random number generator to shake things up, but I would like to know what 'salt' stands for?

For example it is written:

3.6.1.2. Salted S2K

   This includes a "salt" value in the S2K specifier -- some arbitrary
   data -- that gets hashed along with the passphrase string, to help
   prevent dictionary attacks.

       Octet 0:        0x01
       Octet 1:        hash algorithm
       Octets 2-9:     8-octet salt value

   Salted S2K is exactly like Simple S2K, except that the input to the
   hash function(s) consists of the 8 octets of salt from the S2K
   specifier, followed by the passphrase.

But salt is not defined, although its meaning seems clear.
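
The Salted S2K specifier quoted above, as an added Python example (not part of the original question or answers, and not code from any OpenPGP implementation): it parses the 10-octet specifier and hashes the salt followed by the passphrase, so the same passphrase yields unrelated keys under different salts. The hash algorithm IDs (2, 8, 10) come from the OpenPGP specification (RFC 4880) rather than this page, the passphrase and salts are constructed sample values, and the handling of keys longer than one digest follows Simple S2K.

```python
import hashlib

# Hash algorithm IDs as assigned in RFC 4880 (subset; an assumption not on the page).
HASH_IDS = {2: "sha1", 8: "sha256", 10: "sha512"}

def parse_salted_s2k(spec: bytes):
    """Parse the specifier: octet 0 = 0x01, octet 1 = hash id, octets 2-9 = salt."""
    if len(spec) != 10:
        raise ValueError("Salted S2K specifier must be exactly 10 octets")
    if spec[0] != 0x01:
        raise ValueError("octet 0 is not 0x01, so this is not Salted S2K")
    if spec[1] not in HASH_IDS:
        raise ValueError(f"unsupported hash algorithm id {spec[1]}")
    return HASH_IDS[spec[1]], spec[2:10]

def salted_s2k(spec: bytes, passphrase: bytes, key_len: int) -> bytes:
    """Derive key_len octets from hash(salt || passphrase)."""
    hash_name, salt = parse_salted_s2k(spec)
    out, context = b"", 0
    while len(out) < key_len:
        # As in Simple S2K: if the key is longer than one digest, further
        # hash contexts are preloaded with 1, 2, ... zero octets.
        h = hashlib.new(hash_name)
        h.update(b"\x00" * context + salt + passphrase)
        out += h.digest()
        context += 1
    return out[:key_len]  # leftmost octets are the key

def make_spec(hash_id: int, salt: bytes) -> bytes:
    """Hypothetical helper: build a Salted S2K specifier."""
    return bytes([0x01, hash_id]) + salt

def demo():
    passphrase = b"correct horse"                      # constructed sample
    spec_a = make_spec(8, bytes.fromhex("0011223344556677"))  # constructed salt
    spec_b = make_spec(8, bytes.fromhex("8899aabbccddeeff"))  # constructed salt
    key_a = salted_s2k(spec_a, passphrase, 16)
    key_b = salted_s2k(spec_b, passphrase, 16)
    # What a table precomputed without any salt would contain for this passphrase:
    unsalted = hashlib.sha256(passphrase).digest()[:16]
    return key_a, key_b, unsalted

if __name__ == "__main__":
    for label, key in zip(("salt A", "salt B", "no salt"), demo()):
        print(f"{label:8s} {key.hex()}")
```

Because the salt is stored in the specifier next to the protected data, it is not a secret: its job is only to make each derivation distinct, so a table built for one salt (or for none) does not apply to another.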

+2  A: 

The salt can be any consistent value.

Either a constant, or the user ID. Better if it includes both.

This is used to prevent pre generated rainbow tables from working.

Lo'oris
What is a 'pre generated rainbow table'?
WilliamKF
A rainbow table for hashes without any salt, i.e. created hashing just the plain password. Yes, people still do that.
Lo'oris
+3  A: 

From Wikipedia:

In cryptography, a salt comprises random bits that are used as one of the inputs to a key derivation function. The other input is usually a password or passphrase. The output of the key derivation function is stored as the encrypted version of the password.

A salt is just some bits that are used to increase the security of the system. They help prevent pre-computed dictionary attacks.

Mark Byers
Calling them "random" is not really fair, and that Wikipedia article is questionable to say the least. I think they might be called "salt" even if they are a const, and I'm pretty sure they can be called "salt" even if they are not random but taken from a constant value such as the user ID.
Lo'oris
To be more precise: if the salt is constant for every entry, it still prevents pregenerated rainbow tables from working; if the salt also changes for each user, it also prevents the attacker from generating a rainbow table and using it on every entry.
Lo'oris
@Lo'oris: I think using user_id as a salt would be a bad idea in many cases. Root for example has user_id 0 on some systems and you could pre-calculate a dictionary for that salt. The salt shouldn't be predictable in advance. That is why a random number is good, although I admit that there are other ways of generating unpredictable numbers, such as using a hash.
Mark Byers
@Mark: Clever! This would not work if you add a constant value *and* the ID, though (and now I understand why they said to use both, somewhere).
Lo'oris
@Mark - unless you derive the salt from the userid somehow, e.g. `SHA256(userid + 9978)`
kibibu
@kibibu: Yes, but it's much simpler and as effective to just add a constant, e.g. `hash(CONST+ID+PASSWD)`
Lo'oris
+1  A: 

I think you're asking the origin of the term, not the definition.

Time for a round of folk etymology! (Until someone gives the real answer.)

My guess is that it is an analogy from cooking: the salt is an improving additive. And a little bit goes a long way.

harpo