RE: Values to use for a salt?: msg#00015 security.programming
> Someone recently suggested using the password as the salt. I have never seen this discussed before, and
> would like to get opinions on it. What would be wrong with this, especially if it were altered in some way
> before being used, such as using a simple replacement table to change letters to special characters? This way,
> the salt would not have to be stored because it would be a derivative of the password. How would this differ
> from the traditional approach of generating a random salt and storing it with the hashed password?
>
> Also, how much less secure would it be to use a user ID as the salt instead of a random salt that then has to be
> stored? I've been thinking about these, but feel I am missing important ideas.

The purpose of storing hashes rather than passwords is of course to prevent the discovery of plain-text passwords if the password file is compromised. You are correct on why the salt is important, as it can delay brute-force attacks, assuming that not every user has the same salt.

Using a salt based on the password would seem like a bad idea to me. If you store the salt with the hash, then you have stored the password in the password file. If you use a cipher to replace characters, then you have used a weak, reversible form of encryption that can more easily yield the password than a brute-force attack against the hash. Even if you were to use only a portion of the password (say two characters), you would still provide a clue to the cracker, and hence decrease the keyspace that they will need to search.

This is why it is probably best to use a random salt value, so that you can slow the brute-force attack yet prevent an attacker from receiving any additional clue to help them find the plain-text.

--
Tony Kava
Network Administrator
Pottawattamie County, Iowa
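The three salt choices discussed in this message, side by side, as an added example that is not part of the original post. It uses PBKDF2-HMAC-SHA256 from Python's standard library as the hash, an assumed iteration count, a hypothetical letter-substitution table standing in for the "simple replacement table" from the question, and two constructed accounts that share one password. It shows what the stored password-file entry looks like under each scheme and what a cracker who obtains that file learns from it.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256: an assumed value for this demo, not from the post.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored hash from (password, salt) with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def random_salt() -> bytes:
    """Traditional approach: a fresh random salt per account, stored next to the hash."""
    return os.urandom(SALT_BYTES)


# Hypothetical "simple replacement table" (letters -> special characters) from the question.
_REPLACE = str.maketrans("aeios", "@3!0$")
_UNREPLACE = str.maketrans("@3!0$", "aeios")


def password_derived_salt(password: str) -> bytes:
    """Salt derived from the password by the substitution table.
    Deterministic and reversible, so it is the password under a thin disguise."""
    return password.translate(_REPLACE).encode("utf-8")


def undo_replacement_table(salt: bytes) -> str:
    """Invert the substitution: what an attacker does with a stored password-derived salt.
    (Ambiguous only if the original password already contained the replacement characters.)"""
    return salt.decode("utf-8").translate(_UNREPLACE)


def user_id_salt(user_id: str) -> bytes:
    """Salt taken from the user ID: distinct per user, but public and predictable."""
    return user_id.encode("utf-8")


def make_record(user_id: str, password: str, salt: bytes) -> dict:
    """One password-file entry. Whoever steals the file sees user, salt and hash."""
    return {"user": user_id, "salt": salt.hex(), "hash": hash_password(password, salt).hex()}


def verify(record: dict, password: str) -> bool:
    """Check a login attempt against a stored record; constant-time digest compare."""
    salt = bytes.fromhex(record["salt"])
    candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def same_password_collides(salt_for, user_ids, password: str) -> bool:
    """True if accounts sharing a password end up with identical stored hashes under this
    salt scheme. Identical hashes tell a cracker that one guess covers every such account."""
    hashes = {make_record(u, password, salt_for(u, password))["hash"] for u in user_ids}
    return len(hashes) < len(user_ids)


if __name__ == "__main__":
    users = ["alice", "bob"]   # constructed sample accounts sharing one password
    shared = "secret"

    print("random salt collides:  ", same_password_collides(lambda u, p: random_salt(), users, shared))
    print("password salt collides:", same_password_collides(lambda u, p: password_derived_salt(p), users, shared))
    print("user-id salt collides: ", same_password_collides(lambda u, p: user_id_salt(u), users, shared))

    leaked = make_record("alice", shared, password_derived_salt(shared))
    print("password recovered from the stored salt:", undo_replacement_table(bytes.fromhex(leaked["salt"])))
```

With the random salt, two accounts holding the same password get unrelated hashes and the salt tells the cracker nothing. With the password-derived salt, the two records carry identical hashes and the "salt" column decodes straight back to the password, which is the point Tony makes above. With the user ID as salt, the hashes at least differ per account, but the salt is known in advance, so an attacker can precompute guesses for a chosen user before ever seeing the file.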