Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 18 Dec 2005 20:18:18 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: salts (was: question-newbi)

On Thu, Dec 15, 2005 at 03:13:36PM -0500, John Smith wrote:
> Salt is a "random" string that is concatenated with passwords before 
> being operated on by the hash function.

This is a valid, but greatly simplified description.

For those who might be interested in a more complete description, here's
what I wrote in a private e-mail responding to a similar question:

"salts" in general, not necessarily applied to Unix passwords, you may
find explained in good books on cryptography.  For example, I've just
taken my copy of Alfred J. Menezes et al. "Handbook of Applied
Cryptography" (780 pages), opened the Index and it has two references
for "Salt".  The first one is specific to a case that has little to do
with passwords (although the concept of "salting" is still the same),
while the other one is precisely about password hashing (page 390,
"Salting passwords", then, a few pages later, the book covers the
traditional DES-based Unix password hashes).  The book isn't very new
(first published in 1996 I think), so it won't cover modern advances
precisely in this area (other Unix password hashes in use nowadays and
such), but most of the concepts are old enough.

Of course this information may also be found online, in particular in
Terry Ritter's collections of commented and well-organized sci.crypt
and other online postings:

	http://www.ciphersbyritter.com

and in particular for "salts":

	http://www.ciphersbyritter.com/NEWS6/SALT.HTM

Update: The Alfred J. Menezes et al. book I was referring to in this
e-mail is now available for download:

	http://www.cacr.math.uwaterloo.ca/hac/

Additionally, Owl and other GNU/Linux distributions which have
integrated my crypt_blowfish package include this brief explanation of
what salts are for in the crypt(3) manual page:

       All  of  the  hashing methods use salts such that the same
       key may produce many possible hashes.  Proper use of salts
       may defeat a number of attacks, including:

       1.     The ability to try candidate passwords against mul-
              tiple hashes at the price of one.

       2.     The use of pre-hashed lists of candidate passwords.

       3.     The  ability to determine whether two users (or two
              accounts of one user) have the  same  or  different
              passwords  without  actually having to guess one of
              the passwords.

crypt_blowfish and the manual page (in roff and PostScript formats) is
available here:

	http://www.openwall.com/crypt/

> As I recall windows doesn't use salts.

That's correct.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.