[Cryptography] CSPRNG for password salt
Erwan Legrand
erwan at lightbringer.org
Wed Aug 20 05:57:42 EDT 2014
On Wed, Aug 20, 2014 at 10:56 AM, Erwan Legrand <erwan at lightbringer.org> wrote:
> Note that there is a big difference between discussing implementation
> details on this list and giving advice to the public at large (well,
> to web application developpers). Advice needs to be simple: use this
> and that. Also, the cost of requiring a few bytes from a CSPRNG per
> account created is unlikely to induce any noticeable overhead.
One more thing: using a CSPRNG to generate removes a possible cause of
failure. It is very easy to get counters or rand() wrong. For example,
think of a multi-process program such as Apache HTTP: all processes
inherit the same seed or initial counter value. Many users end up
having the salt.
So even if using a CSPRNG to generate salts does not make sense from a
theory point of view, it may make sense from en engineering best
practice point of view. (Although engineering best practice should
first recommend using an existing password hashing library if
possible.)
Erwan
Erwan
More information about the cryptography
mailing list