Password hashing

Martin James Cochran Martin.Cochran at Colorado.EDU
Sat Oct 13 00:05:09 EDT 2007

On Oct 12, 2007, at 6:47 PM, Sandy Harris wrote:

> On 10/13/07, Martin James Cochran <Martin.Cochran at> wrote:
>> ...  What's wrong with starting
>> with input SALT || PASSWORD and iterating N times, ....
> Shouldn't it be USERID || SALT || PASSWORD to guarantee that if
> two users choose the same password they get different hashes?
> It looks to me like this wold make dictionary attacks harder too.

If the salt space is large enough ( > 128 bits, say) and the salts  
are generated with a good source of randomness, then it's  
overwhelmingly likely that an attacker will have to do a dictionary  
attack per user anyway, even across many different machines.  Also,  
with such a large salt space it's extremely unlikely that users who  
choose the same passwords will have the same salt.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list