[Cryptography] CSPRNG for password salt

Dennis E. Hamilton dennis.hamilton at acm.org
Wed Aug 20 12:57:09 EDT 2014


Regarding inexplicable recommendations that CSPRNGs be used to generate the salts for salted-hashes of passwords:
 
I think the use of a cryptographically random password salt is a convenient means to ensure that no salt will be produced more than once (i.e., with the same key/password). It is the uniqueness of salts (and initialization vectors) that is the concern.  Using a properly-implemented CSPRNG for a sufficiently large salt is considered far less risky than deterministic RNGs in this respect, especially where the initialization of the RNG is repeatable or can be influenced/predicted in some manner. 
 
For salted hashing of passwords, this might be mostly a “better safe than sorry” way of not worrying about the increased threat surface of not doing that, especially for the (not unlikely enough) case of salts and salted-hashes of passwords being disclosed, since the pairs are usually found together. 
 
It is difficult to fault as guidance to (cryptography) non-expert use of password hashing functions, along with reinforcement of the litany that developers should not implement cryptographic primitives themselves.
 
 
 
From: cryptography [mailto:cryptography-bounces+dennis.hamilton=acm.org at metzdowd.com] On Behalf Of John B
Sent: Tuesday, August 19, 2014 21:24
To: Jerry Leichter
Cc: Cryptography List
Subject: Re: [Cryptography] CSPRNG for password salt
 
Hi Jerry,

Thank you for a well considered response.
FWIW I agree with your bogus expansion theory. I also can't see any realistic attack but it's often better to be cautious and ask.
In answer to your question - "Where did you see this?" here are the top 2 hits:

https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet#Use_a_cryptographically_strong_credential-specific_salt
(As pertaining to salt) "Use cryptographically-strong random [*3] data;"
https://crackstation.net/hashing-security.htm#properhashing
Salt should be generated using a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG). CSPRNGs are very different than ordinary pseudo-random number generators, like the "C" language's rand() function.
 
Regards,
John
[ … ]
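
The salt-uniqueness concern raised in the message above, as an added example that is not part of the original thread: a deterministic RNG whose seed repeats reproduces the same salts, so the same password yields the same stored hash, while salts from the OS CSPRNG do not repeat. The function names, salt length, work factor, seed and password are assumptions made for this illustration.

```python
import hashlib
import random
import secrets

SALT_LEN = 16            # bytes; assumed size for this example
PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, stretched hash; the salt is stored beside the result."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def salts_from_seeded_prng(seed: int, count: int) -> list[bytes]:
    """Salts from a deterministic RNG: the same seed gives the same sequence."""
    rng = random.Random(seed)
    return [bytes(rng.getrandbits(8) for _ in range(SALT_LEN)) for _ in range(count)]


def salts_from_csprng(count: int) -> list[bytes]:
    """Salts from the OS CSPRNG via the secrets module."""
    return [secrets.token_bytes(SALT_LEN) for _ in range(count)]


def shared_salts(run_a: list[bytes], run_b: list[bytes]) -> int:
    """Number of salt values that appear in both runs."""
    return len(set(run_a) & set(run_b))


def demo() -> dict:
    # Two process starts that initialise the PRNG identically, e.g. from a
    # fixed value or a coarse timestamp (constructed seed value).
    prng_a = salts_from_seeded_prng(seed=1408553829, count=3)
    prng_b = salts_from_seeded_prng(seed=1408553829, count=3)
    sys_a, sys_b = salts_from_csprng(3), salts_from_csprng(3)
    pw = "correct horse"  # constructed sample password shared by two accounts
    return {
        "prng_shared": shared_salts(prng_a, prng_b),
        "csprng_shared": shared_salts(sys_a, sys_b),
        # Repeated salt + same password => identical stored hash.
        "prng_hash_equal": hash_password(pw, prng_a[0]) == hash_password(pw, prng_b[0]),
        "csprng_hash_equal": hash_password(pw, sys_a[0]) == hash_password(pw, sys_b[0]),
    }


if __name__ == "__main__":
    print(demo())
```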
 