Re: Values to use for a salt?: msg#00012 (security.programming)
On Mon, 15 Dec 2003, Craig Minton wrote:

> My understanding is that salts are used to help deter dictionary attacks
> where the attacker has created a pre-hashed list of passwords and compares
> them against the actual hashed passwords. Using salts means the attacker
> must compute all possible values of the password in the dictionary times
> the possible salts, which makes it computationally infeasible.
>
> Someone recently suggested using the password as the salt. I have never
> seen this discussed before, and would like to get opinions on it. What would
> be wrong with this, especially if it were altered in some way before being
> used, such as using a simple replacement table to change letters to special
> characters? This way, the salt would not have to be stored because it would
> be a derivative of the password. How would this differ from the traditional
> approach of generating a random salt and storing it with the hashed password?

Because the salt _has_ to be stored in order to compare the hashes correctly.
You would have to store the salt part of the password somewhere, which would
be a bad thing.

> Also, how much less secure would it be to use a user ID as the salt instead
> of a random salt that then has to be stored? I've been thinking about these,
> but feel I am missing important ideas.

If the same account on another system has the same password, then the crypt()
hashes will be the same. So if one password is cracked it would be easy to
surmise via the crypt hashes where that same password was used.

> Thank you for any thoughts you can give.
>
> -Craig
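The three salt choices discussed in this exchange (a salt derived from the password through a replacement table, the user ID as salt, and a stored random salt) run side by side below. This is an added example, not code from the thread or from any poster; it uses the standard library's PBKDF2-HMAC-SHA256 in place of crypt(), and the replacement table, the user names "craig" and "alice", the password "Winter2003" and the three-word dictionary are constructed for the demonstration. It shows what an attacker with a stolen password file gets from one pre-hashed dictionary under each scheme, and when two independently created records (same account on two systems, or two users with the same password) come out byte-identical.

```python
"""Random salt vs. password-derived salt vs. user-ID salt.

Added example; not code from the thread. PBKDF2-HMAC-SHA256 stands in for
crypt(); the replacement table, user names, password and dictionary are
made up for the demonstration.
"""
import hashlib
import hmac
import os
from typing import Callable

ITERATIONS = 10_000  # assumed work factor, kept low so the demo runs quickly

SaltScheme = Callable[[str, str], bytes]  # (password, user_id) -> salt


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way hash of the password under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Hypothetical "simple replacement table": a few letters swapped for specials.
_SUBST = str.maketrans("aeios", "@3!0$")


def salt_from_password(password: str, user_id: str) -> bytes:
    """Scheme from the question: salt derived from the password, so nothing
    extra needs to be stored."""
    return password.translate(_SUBST).encode("utf-8")


def salt_from_user_id(password: str, user_id: str) -> bytes:
    """Second scheme from the question: the user ID is the salt."""
    return user_id.encode("utf-8")


def salt_random(password: str, user_id: str) -> bytes:
    """Conventional scheme: fresh random salt, stored beside the hash."""
    return os.urandom(16)


def make_record(password: str, user_id: str, scheme: SaltScheme) -> dict:
    """What the password file holds for this user. For the two derived
    schemes the stored salt is redundant (verify() could recompute it)."""
    salt = scheme(password, user_id)
    return {"user": user_id, "salt": salt, "hash": hash_password(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Login check: rehash the candidate under the record's salt."""
    candidate = hash_password(password, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def hashes_collide(password: str, user_a: str, user_b: str, scheme: SaltScheme) -> bool:
    """Two records created independently (same account on two systems, or two
    users who picked the same password): are the stored hashes identical?"""
    a = make_record(password, user_a, scheme)
    b = make_record(password, user_b, scheme)
    return a["hash"] == b["hash"]


def precomputed_table(words, scheme: SaltScheme, user_id: str) -> dict:
    """Attacker's pre-hashed dictionary: one hash per word, computed once,
    offline, for the given scheme (and, where it matters, one user ID)."""
    return {make_record(w, user_id, scheme)["hash"]: w for w in words}


def crack(records, table: dict) -> dict:
    """Look stolen hashes up in the table; no further hashing needed."""
    return {r["user"]: table[r["hash"]] for r in records if r["hash"] in table}


WORDS = ["password", "Winter2003", "letmein"]  # constructed dictionary


def demo() -> dict:
    """Run the same scenario under each scheme and return the results."""
    out = {}
    for name, scheme in [("password", salt_from_password),
                         ("user_id", salt_from_user_id),
                         ("random", salt_random)]:
        # craig's account as seen on one system, and alice, who chose the same password
        records = [make_record("Winter2003", "craig", scheme),
                   make_record("Winter2003", "alice", scheme)]
        table = precomputed_table(WORDS, scheme, "craig")  # built once, before the theft
        out[name] = {
            "same_account_two_systems": hashes_collide("Winter2003", "craig", "craig", scheme),
            "two_users_same_password": hashes_collide("Winter2003", "craig", "alice", scheme),
            "verifies": all(verify("Winter2003", r) for r in records),
            "cracked_by_one_table": crack(records, table),
        }
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the password-derived salt the table has one entry per dictionary word, exactly as it would for unsalted hashes, and it cracks every user with that password on every system, because the salt is a function of the password alone. With the user ID as salt, the table built for "craig" cracks craig on any system where he reused the password, but not alice. With a random stored salt, all records still verify, no two records match, and the one-table lookup finds nothing; the attacker must hash the dictionary again per record.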