[Cryptography] CSPRNG for password salt

Jerry Leichter leichter at lrw.com
Wed Aug 20 07:23:22 EDT 2014


On Aug 20, 2014, at 7:12 AM, Erwan Legrand <erwan at lightbringer.org> wrote:
> > This is a rather weak argument.  You're contrasting a CSPRNG - something that's quite difficult to build correctly, as we've seen from many discussions on this list - with something as simple as "remember the last one and add one to get the next"....
> 
> As I said, the target audience is web application developers. These do not write CSPRNGs. Yet many of them write authentication code using a crypto toolkit.
> 
> Does this make sense now?
> 
Sorry, but no.  I consider it similar to the following argument:  An electrical circuit needs a fuse.  But, you know, people might stick the wrong size fuse in there.  Or they might even stick in a penny (OK, this style of fuse hasn't been used in 50 years).  I can do better.  I have a digital voltage sensor, which I can turn into an amperage sensor with a resistor.  I can feed that into my Arduino and monitor the current drawn.  I'll include a digital model of the kind of fuse that's supposed to go here, so that it lets peaks of the right sort through, etc.  Then I'll write a driver to control a relay.  Now I've got solid, modern protection for my circuit, and people can't screw it up!

Replacing a simple design with a more complex one "just because you have the parts around" adds to risk, it doesn't ameliorate it.

I've written separately - in messages that haven't yet been forwarded to the list; our moderators are likely still asleep - about the actual threats, and that one could argue for using a CSPRNG on "defense in depth" principles, even if the argument is a bit of a stretch.  But I don't buy the "it's better engineering because you might screw up code to add 1 to the last number" argument.
                                                        -- Jerry
