tags:

views:

66

answers:

3
+3  Q: 

What does 'salt' refer to in string-to-key (s2k) specifier?

What does 'salt' refer to in string-to-key (s2k) specifier?

It appears to be a random number generator to shake things up, but I would like to know what 'salt' stands for?

For example it is written:

3.6.1.2. Salted S2K

   This includes a "salt" value in the S2K specifier -- some arbitrary
   data -- that gets hashed along with the passphrase string, to help
   prevent dictionary attacks.

       Octet 0:        0x01
       Octet 1:        hash algorithm
       Octets 2-9:     8-octet salt value

   Salted S2K is exactly like Simple S2K, except that the input to the
   hash function(s) consists of the 8 octets of salt from the S2K
   specifier, followed by the passphrase.

But salt is not defined, although its meaning seems clear.

+2  A: 

The salt can be any consistent value.

Either a constant, or the user ID. Better if it includes both.

This is used to prevent pre generated rainbow tables from working.

Lo'oris  2010-05-16 21:29:04
What is a 'pre generated rainbow table'?
WilliamKF  2010-05-16 23:24:27
A rainbow table for hashes without any salt, i.e. created hashing just the plain password. Yes, people still do that.
Lo'oris  2010-05-17 08:59:08
+3  A: 

From Wikipedia:

In cryptography, a salt comprises of random bits that are used as one of the inputs to a key derivation function. The other input is usually a password or passphrase. The output of the key derivation function is stored as the encrypted version of the password.

A salt is just some bits that are used to increase the security of the system. They help prevent pre-computed dictionary attacks.

Mark Byers  2010-05-16 21:31:44
Calling them "random" is not really fair, and that wikipedia article it questionable to say the least. I think they might be called "salt" even if they are a const, and I'm pretty sure they can be called "salt" even if they are not random but taken from a constant value such as the user ID.
Lo'oris  2010-05-16 21:41:08
To be more precise: if the salt is constant for every entry, it still prevents pregenerated rainbow tables from working; if the salt also changes for each user, it also prevents the attacker from generating a rainbow table and using it on every entry.
Lo'oris  2010-05-16 21:42:53
@Lo'oris: I think using user_id as a salt would be a bad idea in many cases. Root for example has user_id 0 on some systems and you could pre-calculate a dictionary for that salt. The salt shouldn't be predictable in advance. That is why a random number is good, although I admit that there are other ways of generating unpredictable numbers, such as using a hash.
Mark Byers  2010-05-16 22:33:18
@Mark: clever! this would not work if you add a constant value *and* the ID, though (and now I understand why they said to use both, somewhere)
Lo'oris  2010-05-16 23:05:42
@Mark - unless you derive the salt from the userid somehow. eg. `SHA256(userid + 9978)`
kibibu  2010-05-16 23:13:43
@kibibu: yes, but its much simpler and as effective to just add a constant eg. `hash(CONST+ID+PASSWD)`
Lo'oris  2010-05-16 23:21:26
+1  A: 

I think you're asking the origin of the term, not the definition.

Time for a round of folk etymology! (Until someone gives the real answer.)

My guess is that it is an analogy from cooking: the salt is an improving additive. And a little bit goes a long way.

harpo  2010-05-16 23:14:49

related questions

How would you add salt to your existing password hashes?
is a GUID a good salt? is my register/login process got any flaw?
Password hashing, salt and storage of hashed values
Are hashed and salted passwords secure against dictionary attacks?
Mysql SHA salt
Is my authentication encryption any good?
Salting a C# MD5 ComputeHash on a stream
Storing salt in code instead of database
Salts and Passwords - prefix or postfix
Password hash and salting - is this a good method?
Encrypted passwords of not-encrypted passwords user base
how do I create a mySQL user with hash('sha256', $salt . $password)?
Salting Your Password: Best Practices?
PHP Sessions + Useragent with salt
What is the difference between a 'character' and an 'octet'?
Why do web applications insist on defining strict password rules?
Need some help understanding password salt
Client Side MD5 Hash with Time Salt
How best to generate a random salt for a Web Site?
What is the easiest way to create and compare a salted password in .NET?
Do I need to store the salt with bcrypt?
Why is a password salt called a "salt"?
How would you implement salted passwords in Tomcat 5.5
What is the optimal length for user password salt?
What is the salt in Enterprise Library HashProvider ? (SaltEnabled key)