Re: Values to use for a salt?

I think you're missing the point of using salt.

Yes, it helps protect against isolated brute force cracks by further 
randomizing a password's hash code, but this is a minor feature.  Using the 
extended ASCII set in a password serve's the same purpose.  Regardless, I 
certainly wouldn't rely upon salt to improve the quality of an individual's 
password.

The importance of using salt is that it protects against hash code 
comparing.  Ideally, each password is hashed with a different salt value.  
When this is done, the hash code of identical passwords is not identical.  
One of the problems with LM and NTLM v1 passwords is salt wasn't used.  As a 
result, once you found one password you knew the password of anyone else 
that has the same hash code.

There are other methods that can protect against hash code comparison, but 
using larger character sets in a password is not one of them.

On a related note, earlier someone asked if it was advisable to use the 
user's account name as the salt value.  The answer is no.  To be effective, 
the salt value should be kept secret.  In essence, what we're talking about 
are HMACs (hashed method authentication codes).  HMACs are only as good as 
the secrecy of the key - and account names are not secret.

Depending on the length of time the hash code had to stand up and the value 
of the information you're protecting, you could use the account name as 
*part* of the key.  A common technique is to take some data, hash it, drop 
some of the bits and use the remainder as the key.  In a highly simplified 
example you could use Hash(account name + MAC address + IP address + Date + 
Time to the nearest minute), drop enough bits off the end to make it the 
right size and that could be the key.  Depending on the difficulty in 
regenerating the key it may stand up if the key is changed frequently and/or 
the data holds little or no value in a short amount of time.

In order to validate the hash code, the validating system computes all hash 
values (there are multiple valid keys) for each minute within a window of 
time.  If any of the codes match the hash code is considered valid.  This is 
basically what Kerberos does (and is why authentication doesn't work in a 
Windows 2000+ network if the time isn't synchronized within 5 minutes).

Hope this helps,
Scott Mulcahy

-----Original Message-----
From: Marian Ion [mailto:marian.ion@xxxxxxxxxxxxxx]
Sent: Wednesday, December 17, 2003 3:01 AM
To: CraigSecurity@xxxxxxxxxxxxx; secprog@xxxxxxxxxxxxxxxxx
Subject: Re: Values to use for a salt?


Hi all,

Don't you think using extendedASCII set will dramatically increase the
performance of any algorithm currently in use? Imagine what a pass like
"|¤W-|[V.|1D-|`â-|Ë3-|%-|F0-|   " means for a cracker:  (selected from line
22 (I think...) from regedit.exe). Imagine using Unicode characters for keys
.....
Will you still need salt and others?

Marian Ion

_________________________________________________________________
Enjoy the holiday season with great tips from MSN.  
http://special.msn.com/network/happyholidays.armx