Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] salt question

Eric Chadbourne wrote:
> And don't quite understand this line:
> "Salts are normally stored along with the hashes. They are not secret."

The other responses have pretty much covered everything, except for a
few points.

First, a simple example:

A basic hashed password:

% echo monkey | sha1sum
744a9a056f145b86339221bb457aa57129f55bc2  -

A basic hashed password with salt:

% echo saltmonkey | sha1sum
a3a686f363fb197b9688f70a392992763ff42b14  -

(Yes, salt can literally be as simple as a concatenated string.)

> So if they are not secret what is the advantage if your site is
> exploited?

To guard against use of rainbow tables.

> Such as if the salt is stored in a config file couldn't the
> attacker utilize this with his rainbow tables?

A rainbow table is a database of precomputed hashes for common
passwords. Any alteration of the password prior to computing the hash
results in a different hash, which will no longer match the rainbow
table version. As long as your salt isn't something predictable, its
perfectly fine (for the original goal of salting) for it to be stored in
the same place as the password.

> Also I see in PHP crypt() you don't have to supply a salt.  How does
> that work?

Same idea as the first example above. An empty string is concatenated
(or the concatenation step is sipped).

> I have a log in system I wrote myself with sha1 but from everything I've
> been reading this seems inadequate.

Most hashing algorithms traditionally used for storing passwords were
designed for speed of execution, like SHA1, which is opposite of what
you want in a password hashing algorithm.

These algorithms are being replaced by computationally hard algorithms,
like you find in bcrypt[1] and others[2][3]. There are also "memory
hard" algorithms[4]. (Same idea, but they require a lot of memory rather
than a lot of CPU cycles.)

Because of the prevalence of salting and the ubiquity of high
performance GPUs and cloud computing clusters, rainbow tables have
fallen out of favor. Salting is still a good idea, but insufficient by
modern standards if used with a fast hash algorithm. (Salting is
integral to bcrypt.)

There are also some people experimenting with the idea of fragmenting
the password hash and storing it distributed among multiple servers. A
form of Secret sharing[5]. This way if one server is breached, the
attackers have not necessarily obtained the full hash.



Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile:

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /