[Cryptography] encrypting bcrypt hashes
Ray Dillinger
bear at sonic.net
Fri Mar 10 17:40:41 EST 2017
On 03/08/2017 03:13 PM, Mark Steward wrote:
> For a decent chance at unique salts, a good rule of thumb is the square of
> the expected number of hashes. So if they have a million customers, use a
> 40-bit salt or longer. This won't protect against someone trying 1234
> against all salts in the whole DB and knowing 10% will match, but it
> maximises the work required to do that.
If it's down to chance whether two different customers get the same
salt, this is exactly true. This is the 'birthday paradox' in action,
and a number of widely-used methods for generating salts (hashing the
customer's name and/or account number for example) provoke exactly this
problem.
But making sure that customers have unique salts is in principle no
harder than assigning them unique account numbers. There's nothing
secret about a salt, it doesn't need to be hard to guess.
Bear
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170310/934745dc/attachment.sig>
More information about the cryptography
mailing list