Re: Hash salt (was Re: BCRYPT - Why not using it?)
Boyd Stephen Smith Jr.:
> The salt is randomly generated each
> time the password is set, and it (usually) different for each entry in
> /etc/shadow.
>
> This increases the size of a rainbow table by a factor of 2^(bits in salt),
> effectively stopping the attack for all but the most high-profile target with
> just an 8-bit salt. I'm not sure how many bits are used in a modern salt, but
> I think it is somewhere between 48-bits and 64-bits.
Practically speaking, the attacker prepares one table per hash, rather than
a huge table mixing different salts. When he gets the salt-and-digest, he
picks the correct table and gets running.
Obviously, for the same cost (pre-computation time, storage, online
time) as producing one table in the salt-less case, he can now
generate one table for one particular salt. So he either does it many
times, which becomes impractical, or he does it once for his
"favourite salt", e.g., one which often shows up in the wild due to
stupid/unlucky implementers using constant salt, bad random number
generators or whatever...
Or, when he gets 2^29 hashes from facebook, a salt size of 8 bits
would still give him about 2^21 hashes that he can run through his
table. (This scenario would have to count as "stupid implementers".)
Take care,
Martin
Reply to: