Private Key Generation from Passwords/phrases
Abe Singer
abe at sdsc.edu
Mon Jan 22 19:57:34 EST 2007
On Sun, Jan 21, 2007 at 12:13:09AM -0500, Steven M. Bellovin wrote:
>
> One sometimes sees claims that increasing the salt size is important.
> That's very far from clear to me. A collision in the salt between
> two entries in the password file lets you try each guess against two
> users' entries. Since calculating the guess is the hard part,
> that's a savings for the attacker. With 4K possible salts, you'd need a
> very large password file to have more than a very few collisions,
> though. It's only a benefit if the password file (or collection of
> password files) is very large.
Definition of "very large" can vary. (alliteraiton intended). Our userbase
is about 6,000 active users, and over the past 20 years we've allocated
at least 12,000 accounts. So we definitely have collisions in 4k salt space.
I'm not speaking to collisions in passwords, just salts.
UCSD has maybe 60,000 active users. I think "very large" is very common
in the University environment.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list