[Cryptography] CSPRNG for password salt

Erwan Legrand erwan at lightbringer.org
Wed Aug 20 06:14:22 EDT 2014


On Wed, Aug 20, 2014 at 11:57 AM, Erwan Legrand <erwan at lightbringer.org> wrote:
> One more thing: using a CSPRNG to generate removes a possible cause of
> failure. It is very easy to get counters or rand() wrong. For example,
> think of a multi-process program such as Apache HTTP: all processes
> inherit the same seed or initial counter value. Many users end up
> having the salt.
>
> So even if using a CSPRNG to generate salts does not make sense from a
> theory point of view, it may make sense from an engineering best
> practice point of view. (Although engineering best practice should
> first recommend using an existing password hashing library if
> possible.)

Here's another real-life example, this time of a problem encountered
with rand(). Calling some third-party library function resulted in the
seed being set to 0. I seem to remember that libxml2 does this.
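
The pre-fork failure mode described in the quoted text, as an added example that is not part of the original message: two forked workers inherit the same rand() state and emit identical salts, while reading /dev/urandom per salt does not collide. The function names, SALT_LEN and the seed value are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define SALT_LEN 16 /* assumed salt size for this example */

/* Weak: rand() state is process memory, so fork() copies it to every worker. */
static int salt_from_rand(unsigned char *salt) {
    for (int i = 0; i < SALT_LEN; i++) salt[i] = (unsigned char)(rand() & 0xff);
    return 0;
}

/* Corrected: every call pulls fresh bytes from the kernel CSPRNG. */
static int salt_from_urandom(unsigned char *salt) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, salt, SALT_LEN);
    close(fd);
    return n == SALT_LEN ? 0 : -1;
}

/* Seed once, then fork two workers, as a pre-fork server does.
 * Returns 1 if both workers produced the same salt, 0 if not, -1 on error. */
int workers_share_salt(int (*gen)(unsigned char *)) {
    unsigned char salts[2][SALT_LEN];
    srand(12345); /* constructed seed, set once in the parent */
    for (int w = 0; w < 2; w++) {
        int fds[2];
        pid_t pid;
        if (pipe(fds) < 0 || (pid = fork()) < 0) return -1;
        if (pid == 0) { /* worker: generate one salt and report it to the parent */
            int ok = gen(salts[w]) == 0 && write(fds[1], salts[w], SALT_LEN) == SALT_LEN;
            _exit(ok ? 0 : 1);
        }
        close(fds[1]);
        ssize_t n = read(fds[0], salts[w], SALT_LEN);
        close(fds[0]);
        waitpid(pid, NULL, 0);
        if (n != SALT_LEN) return -1;
    }
    return memcmp(salts[0], salts[1], SALT_LEN) == 0;
}

int main(void) {
    printf("rand(): workers share a salt = %d\n", workers_share_salt(salt_from_rand));
    printf("/dev/urandom: workers share a salt = %d\n", workers_share_salt(salt_from_urandom));
    return 0;
}
```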

