[Cryptography] Repeated Salts?

Ray Dillinger bear at sonic.net
Thu May 18 12:56:55 EDT 2017

On 05/18/2017 03:12 AM, Jerry Leichter wrote:
>> Is there software still in use that is likely to repeat salts across
>> separate installations?

> Returning to your first question:  The earliest implementation of a salt, in Unix 6 or thereabouts and for a while after, used a 12-bit salt.  Obviously this resulted in duplicate salts, certainly within the space of all Unix installations and likely even at some individual installations.

It's enshrined in Tanenbaum's operating systems book (Minix) too.

Which, history being history, is still fine for expository purposes
but oughtn't be used today.  Somebody ought to do a second edition
with stuff that's (now) obviously wrong for security, fixed.

Anyway, considering the "wholesale trawling" attack model it's clearly
worth it to make salts big enough that they can be expected not to be
reused EVER instead of just big enough that they can be expected not to
be reused in the same password file.

And considering it, I think my minimum recommendation for salt just
jumped from 64 bits to 128.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170518/1a76849c/attachment.sig>

More information about the cryptography mailing list