[106744] in cryptography@c2.net mail archive
password strengthening: salt vs. IVs
daemon@ATHENA.MIT.EDU (travis+ml-cryptography@subspacefie)
Mon Oct 29 21:01:52 2007
Date: Mon, 29 Oct 2007 14:24:23 -0500
From: travis+ml-cryptography@subspacefield.org
To: Cryptography <cryptography@metzdowd.com>
Mail-Followup-To: Cryptography <cryptography@metzdowd.com>
So back in the bad old days when hashing was DES encryption of the
zero vector with a fixed key, someone came up with salt as a password
strengthening mechanism.
I'm not quite sure why it was called salt.
It perturbed the S-boxes in DES IIRC, but essentially it was a known
bit of text that was an input to the algorithm that varied between
entries, like an IV does with encryption.
If there isn't already a term for this, I'm going to call this
general concept "individuation", or possibly "uniquification".
Nowadays with strong hash algorithms, but rainbow tables and
low-entropy passwords as the threat, I'm wondering what the best
practice is.
I was thinking of simply prepending a block of text to each passphrase
prior to hashing, and storing it with the hash - similar to salts in
passwd entries.
It should have at least as much entropy as the hash output, maybe a
little more in case there are collisions. If it were uniformly random,
you could simply XOR it with the passphrase prior to hashing and save
yourself some cycles, right?
Would it be appropriate to call this salt, an IV, or some new term?
--
Life would be so much easier if it was open-source.
<URL:http://www.subspacefield.org/~travis/> Eff the ineffable!
For a good time on my UBE blacklist, email john@subspacefield.org.
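The scheme the post sketches (draw a random block per entry, prepend it to the passphrase before hashing, store the block next to the digest) is what a passwd-style salted hash looks like in practice. The following is an added example, not code from the post or from any project it mentions; it uses SHA-256 from the Python standard library, sizes the salt at 32 bytes to match the 256-bit digest as the post suggests, and the `$`-separated record format and the function names are my own assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Salt length in bytes: equal to the SHA-256 output size, following the
# post's rule that the salt carry at least as much entropy as the hash output.
SALT_LEN = 32


def hash_passphrase(passphrase: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for a passphrase.

    The salt is prepended to the UTF-8 passphrase and the result hashed,
    as the post describes. A fresh uniformly random salt is drawn from the
    OS CSPRNG when none is supplied; a caller passes an existing salt only
    when re-deriving a digest for verification.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha256(salt + passphrase.encode("utf-8")).digest()
    return salt, digest


def verify(passphrase: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute the salted digest and compare it in constant time.

    hmac.compare_digest avoids leaking, through timing, how many leading
    bytes of a guess matched the stored digest.
    """
    _, digest = hash_passphrase(passphrase, salt)
    return hmac.compare_digest(digest, stored_digest)


def store_entry(passphrase: str) -> str:
    """Build a passwd-style record holding the salt and the hash together.

    Record layout (an assumption for this example): '<salt hex>$<digest hex>'.
    The salt is not secret; its job is to make each entry's hash input
    unique so one precomputed table cannot serve every entry at once.
    """
    salt, digest = hash_passphrase(passphrase)
    return salt.hex() + "$" + digest.hex()


def check_entry(passphrase: str, record: str) -> bool:
    """Parse a record produced by store_entry and verify a passphrase against it."""
    salt_hex, digest_hex = record.split("$", 1)
    return verify(passphrase, bytes.fromhex(salt_hex), bytes.fromhex(digest_hex))


def individuated(passphrase: str) -> bool:
    """Show the 'individuation' property: the same passphrase stored twice
    yields two different records, because each draws its own random salt."""
    _, d1 = hash_passphrase(passphrase)
    _, d2 = hash_passphrase(passphrase)
    return d1 != d2


if __name__ == "__main__":
    # Constructed sample passphrase; not taken from any real system.
    record = store_entry("correct horse battery staple")
    print("stored record:", record)
    print("right passphrase accepted:", check_entry("correct horse battery staple", record))
    print("wrong passphrase rejected:", not check_entry("Tr0ub4dor&3", record))
    print("two entries for one passphrase differ:", individuated("correct horse battery staple"))
```

The salt defeats a single precomputed (rainbow) table across all entries, but it does nothing about a low-entropy passphrase being guessed one entry at a time, since the attacker reads the salt from the record; an unsalted single SHA-256 here is also cheap per guess, so in deployment the hash step is normally a deliberately slow, iterated construction rather than one SHA-256 call.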