Salt (cryptography)
In data encryption, a salt plays a role similar to the initialization vector of a block cipher; most often the term refers specifically to random data combined with a passphrase to obscure it.
When the list of encrypted passphrases is simply stored in a file, users who share the same passphrase will also share the same encrypted passphrase. In this simple scheme, a user who finds another encrypted passphrase identical to his own can deduce that he and that other user share the same password.
To get around this problem, the encryption is applied to (salt + passphrase) rather than to the passphrase alone; the resulting encrypted passphrases then differ even when the underlying passphrases are the same.
In cryptography, a salt consists of random bits (typically 12 or more) used as one of the inputs to a key derivation function. The other input is usually a password or passphrase. The output of the key derivation function is often stored as the encrypted version of the password. It can also be used as a key in a cipher or other cryptographic algorithm. A salt value is typically used together with a hash function.
The salt value may or may not be protected as a secret. In either case the additional salt data makes it more difficult to conduct a dictionary attack using pre-encryption of dictionary entries, because each bit of salt doubles the amount of storage and computation required.
In some protocols the salt is transmitted in the clear with the encrypted data, sometimes along with the number of iterations used in generating the key. Cryptographic protocols that use a salt include SSL and Ciphersaber.
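The following example, added here and not part of the original article, shows the contrast described above: an unsalted scheme in which two users with the same passphrase produce identical stored values, and a salted scheme in which the passphrase is run through a key derivation function (PBKDF2-HMAC-SHA256 from Python's standard library) with a per-user random salt, so the stored values differ. The record layout, the field separator and the iteration count are assumptions chosen for the example; the salt and iteration count are stored in the clear beside the derived key, as the text describes for protocols that transmit them.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed record layout for this example (not from the article):
#   "pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>"
# The salt and iteration count are stored in the clear; only the
# passphrase is secret.
ITERATIONS = 100_000


def unsalted_hash(passphrase: str) -> str:
    """The naive scheme: hash the passphrase alone.

    Two users with the same passphrase get byte-for-byte identical
    records, so either can tell they share a password just by comparing.
    """
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()


def make_record(passphrase: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> str:
    """The salted scheme: derive a key from (salt + passphrase).

    A fresh random salt is drawn per record, so identical passphrases
    yield different records and a precomputed dictionary built for one
    salt is useless against any other.
    """
    if salt is None:
        salt = os.urandom(16)  # 128 random bits, well above the 12-bit minimum
    dk = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(passphrase: str, record: str) -> bool:
    """Re-derive the key with the stored salt and iteration count and compare.

    hmac.compare_digest is used so the comparison time does not leak
    how many leading bytes matched.
    """
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown record format")
    dk = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def records_collide(record_a: str, record_b: str) -> bool:
    """True if two stored records are identical, i.e. a reader of the file
    could conclude the two users share a passphrase."""
    return record_a == record_b


if __name__ == "__main__":
    # Constructed sample: two users who happen to choose the same passphrase.
    shared = "correct horse battery staple"
    print("unsalted collide:", records_collide(unsalted_hash(shared), unsalted_hash(shared)))
    alice, bob = make_record(shared), make_record(shared)
    print("salted collide:  ", records_collide(alice, bob))
    print("alice verifies:  ", verify(shared, alice))
    print("wrong passphrase:", verify("wrong passphrase", alice))
```

Running the block prints that the unsalted records collide while the salted ones do not, and that verification still succeeds for the correct passphrase because the salt needed to re-derive the key is read back from the record itself.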
See also
- Storing Passwords - done right! (http://www.aspheute.com/english/20040105.asp)