password strengthening: salt vs. IVs
travis+ml-cryptography at subspacefield.org
travis+ml-cryptography at subspacefield.org
Mon Oct 29 15:24:23 EDT 2007
So back in the bad old days when hashing was DES encryption of the
zero vector with a fixed key, someone came up with salt as a password
strengthening mechanism.
I'm not quite sure why it was called salt.
It perturbed the S-boxes in DES IIRC, but essentially it was a known
bit of text that was an input to the algorithm that varied between
entries, like an IV does with encryption.
If there isn't already a term for this, I'm going to call this
general concept "individuation", or possibly "uniquification".
Nowadays with strong hash algorithms, but rainbow tables and
low-entropy passwords as the threat, I'm wondering what the best
practice is.
I was thinking of simply prepending a block of text to each passphrase
prior to hashing, and storing it with the hash - similar to salts in
passwd entries.
It should have at least as much entropy as the hash output, maybe a
little more in case there's collisions. If it were uniformly random,
you could simply XOR it with the passphrase prior to hashing and save
yourself some cycles, right?
Would it be appropriate to call this salt, an IV, or some new term?
--
Life would be so much easier if it was open-source.
<URL:http://www.subspacefield.org/~travis/> Eff the ineffable!
For a good time on my UBE blacklist, email john at subspacefield.org.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 825 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20071029/c0cde0fb/attachment.pgp>
More information about the cryptography
mailing list