Information about Salt (cryptography)

In cryptography, a salt consists of random bits used as one of the inputs to a key derivation function. Sometimes the initialization vector, a previously generated (preferably random) value, is used as a salt. The other input is usually a password or passphrase. The output of the key derivation function is often stored as the encrypted version of the password. A salt value can also be used as a key in a cipher or other cryptographic algorithm. A salt value is typically used as an input to a hash function.

The salt value may, or may not, be protected as a secret. In either case, the additional salt data makes it more difficult to conduct a dictionary attack against, for example, a password file using pre-encryption of dictionary entries. Each bit of salt used doubles the amount of storage and computation required for such a precomputed attack.

In some protocols, the salt is transmitted as cleartext with the encrypted data, sometimes along with the number of iterations used in generating the key (for key strengthening). Cryptographic protocols which use salts include SSL and CipherSaber.

Early Unix systems used a 12-bit salt, but modern implementations use larger values.

Salt is very closely related to the concept of a nonce.

Why salt password hashes? A UNIX example

The classic UNIX passwd file stores the hashes of salted passwords (passwords prepended with two-character random salts). Note that in UNIX, the salt is also stored in the passwd file (as cleartext) together with the hash of the salted password. The passwd file is publicly readable for all users of the system. It must be readable so user-privileged software tools can find user names and other information. The security of passwords is protected only by the obscuring functions (enciphering or hashing) used for the purpose.

The modern shadow password system, in which password hashes and other security information are stored in a non-public file, somewhat mitigates these concerns. However, they remain relevant in multi-server installations which use centralized password management systems to "push" passwords or password hashes to multiple systems. In such installations, the "root" account on each individual system may be treated as less "trusted" than the administrators of the centralized password system, so it remains worthwhile to ensure that the security of the password hashing algorithm, including the generation of unique "salt" values, is adequate.

Salts also help protect against rainbow tables as they, in effect, extend the length and potentially the complexity of the password. If the rainbow tables do not have passwords matching the length (e.g. an 8-byte password with a 2-byte salt is effectively a 10-byte password) and complexity (a non-alphanumeric salt increases the complexity of strictly alphanumeric passwords) of the salted password, then the password will not be found. If it is found, the salt will have to be removed from the recovered string before the password can be used.

Salts also make dictionary attacks and brute-force attacks for cracking a large number of passwords much slower (but not in the case of cracking just one password). Without salts, an attacker who is cracking many passwords at the same time only needs to hash each password guess once, and compare it to all the hashes. However, with salts, all the passwords will likely have different salts; so each guess must be hashed separately for each salt, which is much slower since hashing is usually very computationally expensive.

Another (lesser) benefit of a salt is as follows: two users might choose the same string as their password. Without a salt, this password would be stored as the same hash string in the password file. This would disclose the fact that the two users have the same password, allowing each user to access the other's account. By salting the password hashes with two random characters, even if two users choose the same password, they cannot discover that they have done so by reading the passwd file.
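The following is an added example, not code from the original article. It shows the storage scheme the article describes: a per-user random salt and the iteration count stored in cleartext beside the derived hash, verification that re-derives with the stored parameters, and the "two users, same password" point from the paragraph above. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the Unix crypt function; the record format, salt size and iteration count are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Parameters stored in cleartext with each record (assumed values for this example).
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>.

    A fresh random salt is drawn per call unless one is supplied, so two users
    who pick the same password get different records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive with the salt and iteration count stored in the record.

    The salt is not secret; it only has to be unique. The comparison is done in
    constant time so timing does not leak how many leading bytes matched.
    """
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type: {algo}")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 with no salt, kept only to contrast with the salted record."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def records_reveal_equal_passwords(p1: str, p2: str) -> Tuple[bool, bool]:
    """(unsalted records equal?, salted records equal?) for two users choosing p1 and p2.

    With no salt, identical passwords produce identical stored values, which is
    visible to anyone who can read the file. With per-user salts they do not.
    """
    return (unsalted_hash(p1) == unsalted_hash(p2),
            hash_password(p1) == hash_password(p2))
```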

This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.