Private Key Generation from Passwords/phrases

Abe Singer abe at
Mon Jan 22 19:57:34 EST 2007

On Sun, Jan 21, 2007 at 12:13:09AM -0500, Steven M. Bellovin wrote:
> One sometimes sees claims that increasing the salt size is important.
> That's very far from clear to me.  A collision in the salt between
> two entries in the password file lets you try each guess against two
> users' entries.  Since calculating the guess is the hard part,
> that's a savings for the attacker.  With 4K possible salts, you'd need a
> very large password file to have more than a very few collisions,
> though.  It's only a benefit if the password file (or collection of
> password files) is very large.

Definition of "very large" can vary. (alliteraiton intended).  Our userbase
is about 6,000 active users, and over the past 20 years we've allocated 
at least 12,000 accounts.  So we definitely have collisions in 4k salt space.
I'm not speaking to collisions in passwords, just salts.

UCSD has maybe 60,000 active users.  I think "very large" is very common
in the University environment.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list