tags:

views:

151

answers:

2
+2  Q: 

Optimal password salt length

Possible Duplicate:
What is the optimal length for user password salt?

I tried to find the answer to this question on Stack Overflow without any success.

Let's say I store passwords using SHA-1 hash (so it's 160 bits) and let's assume that SHA-1 is enough for my application. How long should be the salt used to generated password's hash?

The only answer I found was that there's no point in making it longer than the hash itself (160 bits in this case) which sounds logical, but should I make it that long? E.g. Ubuntu uses 8-byte salt with SHA-512 (I guess), so would 8 bytes be enough for SHA-1 too or maybe it would be too much?

+1  A: 

Current standards suggest a 16 char-length salt http://en.wikipedia.org/wiki/Crypt_%28Unix%29#SHA-based_scheme

Also this question has been asked before :)

Tom Gullen  2010-06-12 13:46:25
Heh, it's true. I wonder however how you found it. I tried http://stackoverflow.com/search?q=password+salt+length and http://stackoverflow.com/search?q=optimal+password+salt+length and it's certainly not on the first page.Anyway, the question remains unanswered. The link to Wikipedia you provided (and is also provided in the other question) does not say anything about 16 char long salt. The longest salt mentioned there is 24 bit "BSDi extended DES-based scheme"
Juliusz Gonera  2010-06-12 13:55:26
A: 

In my opinion, the biggest worry with hashed passwords are rainbow tables. There are rainbow tables available that hold values as high as 64 characters last I checked. Keeping this in mind, you would probably want your hashed value to be somewhere greater than that to avoid being easily "looked up" in a rainbow table. This means that the salt+password length should be greater than 64.

Joe Philllips  2010-06-12 13:59:57
no, this is not right. There are *not* 2^(64*8) passwords in rainbow tables. You are misunderstanding rainbow tables.
GregS  2010-06-12 17:07:39
@GregS if you think that's how rainbow tables work, then YOU are misunderstanding them. Not every password is stored. Read up on how chaining works
Joe Philllips  2010-06-13 20:51:28
Obviously I know that is not how rainbow tables work, but that is what your answer implies. The fact that there are 64 character keys in rainbow tables is irrelevant.
GregS  2010-06-13 21:42:22
I see what you mean now. I shouldn't have said "keys" -- should have said values.
Joe Philllips  2010-08-22 15:17:49

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security