How best to generate a random salt for a Web Site?

Question

Hi folks,

i'm wanting to generate a random salt value and put it into the Application state.

Now, i'm using a web farm, so the Application state will be different per machine. I don't want to purchase distributed state farm apps, either.

So .. what are some solutions for this? I thought i could hard-code it in the code OR the web.config file .. but that means the same salt for eva .. not very safe.

Anyone have any suggestions?

Remember - i'm after a unique key (eg a guid) that is the same across all machines. Maybe a config file is the only way?

Answer 1

If I understand correctly, you want the machines to share a value, and you don't want the value to be the same forever. Ideally you'd prefer not to store it.

So, have the "first" machine generate a random value at startup, (using whatever entropy it can such as /dev/random. If you don't need a secure value, and don't have enough entropy at startup to create one anyway, use the time or whatever), and communicate it to all the others. As new machines join the cluster, they need to be able to find the value from one machine already in the cluster. Machines dropping out make no difference.

Which machine is the "first"? Well, if you can always boot one machine before any others, and give it time to get to the point of generating a value, then you can use the trivial algorithm:

1) Look for other machines. If you find one, ask it the value. 2) If you don't find one, generate the value yourself.

If multiple machines are starting up at once then they need to decide amongst themselves which is the "leader". You could do this by choosing one yourself (e.g. a machine declares itself "leader" as soon as it receives a particular connection via the admin interface: on startup each machine waits until it either gets this connection, or hears from another machine that the other machine is the leader). It's trivial to do automatically on a token ring: the machine with the least MAC address or whatever is leader. But nobody uses token ring any more...

At the opposite extreme of an unreliable network I'm not sure it's even possible, unless all the machines know how many there will be in total (in which case it's just like the token ring, except that they all talk to each other until they've figured out who's the leader). With reliable broadcast, which is what you can assume within reasonable bounds on ethernet, I'm sure there's an optimal algorithm published somewhere, but I forget what it is (if I ever knew). I'd guess that everyone broadcasts who they think the leader is at regular intervals (including their own claim if they've not yet seen a better one). Once you've been listening to that for long enough (approx one interval), you'll know who the leader is, and you can start using the seed.

If the value is a secret, then obviously communication within the cluster must be secure. You might get that for free, depending on the network architecture.

Answer 2

In a web farm scenario the machine key stored in machine.config might be what you are looking for. It is a randomly generated hash that must be the same across machines in the web farm.

Answer 3

Here's a fun/interesting way:

At the start of each day, i.e., after 00:00, lookup twitter or digg or friendfeed or anything that has frequently changing data for a detail just before/at 00:00. All the machines would get this same data AND it's guaranteed to be changing. In order to make it a secret, combine this detail with some secret key or the MAC of the DNS server or some such thing.

I think this is simple enough and a fun thing. Of course, this would mean your website would depend on this external website for a trivial thing and might be difficult if the site is down. But in such cases you can retain and continue with previous day's data.

Just wanted to write about it as a fun/interesting way :)