Salt size
Posted on July 15, 2008, 8:24 pm
Re: Salt size
Again for what? Are you designing a system? Is this a system in use?
The purpose of the salt is to prevent the attacker from launching a
predetermined dictionary attack. Thus they could precompute the SHA hash of
a huge dictionary and compare to the hashed password. If you have salted
it, they would need to precalculate n times as large a database where n is
the number of salts. If you are designing the thing, then it is up to you
to decide what value of n is big enough.
128 bits means that n is 2^128=10^40.
Re: Salt size
OK, then as I have said, the salt is there to prevent precompiled
dictionary attacks on your system. 128 bit salt is way overkill.
It also does no harm. Even the 12 bits of the Unix crypt
password help a lot.
Decide for yourself.
Note one of the other primary uses is to prevent an attacker from knowing
that a user has the same password on two different systems. Since you are,
for some weird reason, rolling your own, that is not a problem.
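
The two effects described in the replies above, as an added example that is not part of either post: a precomputed dictionary table stops matching once a salt is mixed in, and its size grows by the factor n = 2^(salt bits). The dictionary, password and function names are constructed for illustration, and SHA-256 stands in for the unspecified "SHA".

```python
import hashlib
import hmac
import os

# Constructed sample dictionary (not from the thread).
DICTIONARY = ["letmein", "password", "dragon", "qwerty", "hunter2"]

def hash_password(password: str, salt: bytes = b"") -> str:
    """SHA-256 over salt || password; an empty salt models the unsalted case.
    A single SHA-256 is used only to isolate the salt's effect, as in the thread."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def precompute(words, salts=(b"",)):
    """Table built ahead of time: one entry per (salt, word) pair."""
    return {hash_password(w, s): w for s in salts for w in words}

def table_entries(dictionary_size: int, salt_bits: int) -> int:
    """Precomputation cost: n = 2**salt_bits times the dictionary size."""
    return dictionary_size * (2 ** salt_bits)

def new_record(password: str, salt_bytes: int = 16):
    """Generate a fresh random salt (16 bytes = 128 bits) stored beside the hash."""
    salt = os.urandom(salt_bytes)
    return salt, hash_password(password, salt)

def verify(password: str, salt: bytes, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt), stored)

if __name__ == "__main__":
    table = precompute(DICTIONARY)            # built once, with no salt
    unsalted = hash_password("dragon")
    print("unsalted lookup:", table.get(unsalted))

    salt_a, stored_a = new_record("dragon")   # system A
    salt_b, stored_b = new_record("dragon")   # system B, same password
    print("salted lookup:  ", table.get(stored_a))
    print("same password, same stored value?", stored_a == stored_b)
    print("legitimate login still works:", verify("dragon", salt_a, stored_a))

    # Table size needed to cover every salt value for this dictionary.
    for bits in (0, 12, 128):
        print(f"{bits:>3}-bit salt -> {table_entries(len(DICTIONARY), bits)} entries")
```
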