[Cryptography] CSPRNG for password salt

Erwan Legrand erwan at lightbringer.org
Wed Aug 20 04:56:47 EDT 2014


On Wed, Aug 20, 2014 at 6:23 AM, John B <vertex.vr4 at gmail.com> wrote:
> I also can't see any realistic attack but it's often better to be cautious and ask.

How about this? Suppose there is a flaw in some widely deployed
software which allows easy retrieval of the password file.  Now,
thanks to Google
(https://www.phpbb.com/community/viewtopic.php?f=64&t=1852465), I
might have access to 100,000,000 password files which I can merge and
feed to my password cracker. A very predictable salt (such as a
counter or rand() with a fixed seed) would drastically reduce the cost
of attacking passwords.

Note that there is a big difference between discussing implementation
details on this list and giving advice to the public at large (well,
to web application developers). Advice needs to be simple: use this
and that. Also, the cost of requiring a few bytes from a CSPRNG per
account created is unlikely to induce any noticeable overhead.

Erwan
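The amortization argument above can be made concrete. The following is an added example, not code from the original post or from any project it mentions: it builds a constructed "merged password file" from several simulated sites, once with a per-site account counter as the salt and once with 16 bytes from the OS CSPRNG (Python's `secrets` module), then runs a simple cracker that hashes each guess once per distinct salt and compares it against every record sharing that salt. PBKDF2-HMAC-SHA256 with a deliberately low iteration count stands in for the real password hash; the site count, user count, passwords and wordlist are all constructed sample data.

```python
import hashlib
import secrets
from collections import defaultdict

# Deliberately low so the demo runs in well under a second; real deployments
# use a far higher work factor. This is an assumption of the example, not a
# recommendation from the post.
ITERATIONS = 1000


def counter_salt(account_index: int) -> bytes:
    """Predictable salt: the per-site account counter the post warns against."""
    return account_index.to_bytes(4, "big")


def csprng_salt() -> bytes:
    """Unpredictable salt: 16 bytes from the operating system's CSPRNG."""
    return secrets.token_bytes(16)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted password hash (PBKDF2-HMAC-SHA256 stands in for the site's scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def build_merged_password_file(sites, users_per_site, passwords, salt_scheme):
    """Constructed stand-in for password files leaked from `sites` independent
    sites and merged by the attacker. Each site numbers its accounts from 0,
    so a counter salt repeats across sites; a CSPRNG salt does not.
    Returns a list of (salt, digest) records."""
    records = []
    for site in range(sites):
        for idx in range(users_per_site):
            pw = passwords[(site + idx) % len(passwords)]
            salt = counter_salt(idx) if salt_scheme == "counter" else csprng_salt()
            records.append((salt, hash_password(pw, salt)))
    return records


def crack(records, wordlist):
    """Cracker model: group records by salt, hash each guess once per distinct
    salt and test it against every digest sharing that salt.
    Returns (accounts_cracked, hash_operations_performed)."""
    by_salt = defaultdict(list)
    for salt, digest in records:
        by_salt[salt].append(digest)

    hash_ops = 0
    cracked = 0
    for salt, digests in by_salt.items():
        targets = set(digests)
        for guess in wordlist:
            hash_ops += 1
            h = hash_password(guess, salt)
            if h in targets:
                # Every account sharing this salt *and* this password falls
                # for the price of a single hash computation.
                cracked += digests.count(h)
    return cracked, hash_ops


def compare_salt_schemes(sites=5, users_per_site=4):
    """Run the same cracker over both salt schemes and report the cost of each."""
    # Constructed sample passwords and a wordlist that contains all of them
    # plus two misses, so the two runs differ only in salt quality.
    passwords = ["password", "123456", "letmein", "qwerty"]
    wordlist = passwords + ["hunter2", "correcthorse"]
    results = {}
    for scheme in ("counter", "csprng"):
        records = build_merged_password_file(sites, users_per_site, passwords, scheme)
        cracked, ops = crack(records, wordlist)
        results[scheme] = {
            "records": len(records),
            "distinct_salts": len({salt for salt, _ in records}),
            "cracked": cracked,
            "hash_ops": ops,
        }
    return results


if __name__ == "__main__":
    for scheme, r in compare_salt_schemes().items():
        print(f"{scheme:8s} records={r['records']:3d} distinct_salts={r['distinct_salts']:3d} "
              f"cracked={r['cracked']:3d} hash_ops={r['hash_ops']:4d}")
```

With counter salts, the merged file from five sites contains only four distinct salts, so the cracker pays for one pass over the wordlist per account *index* rather than per account; with CSPRNG salts every record carries its own salt and the cost grows linearly with the number of accounts. The gap widens with every additional leaked file that is merged in, which is exactly the scenario the post describes.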
