Re: Salt size



Kless <jonas.esp@xxxxxxxxxxxxxx> writes:

To get a hashed password, using SHA-256 algorithm.

Again for what? Are you designing a system? Is this a system in use?

The purpose of the salt is to prevent the attacker from launching a
predetermined dictionary attack. Thus they could precompute the SHA hash of
a huge dictionary and compare to the hashed password. If you have salted
it, they would need to precalculate n times as large a database where n is
the number of salts. If you are designing the thing, then it is up to you
to decide what value of n is big enough.
128 bits means that n is 2^128 = 10^40.



On Jul 16, 12:06 am, Unruh <unruh-s...@xxxxxxxxxxxxxx> wrote:
Kless <jonas....@xxxxxxxxxxxxxx> writes:
Which size is recommended for a salt?

For what? The answer could be anywhere from 0 bytes to 1000 bytes.

The 'bcrypt' hash algorithm (created by OpenBSD) uses a size of 128
bits (16 bytes).
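The precomputation argument in the reply above, as an added example that is not part of the original thread: an attacker builds a table of SHA-256 digests for a wordlist once and looks up stolen unsalted hashes instantly; a random 16-byte salt per password (the size the post attributes to bcrypt) makes that table useless unless it is rebuilt for every one of the 2^128 possible salt values. The dictionary and passwords are constructed for the demo; the function names are my own. Note that a single SHA-256 is fast, so a salt stops shared precomputation but not a per-target brute force, which is why a deliberately slow function like bcrypt is used in practice.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the attacker's "huge dictionary"; real wordlists
# have millions of entries, but the mechanics are identical.
DICTIONARY = ["password", "letmein", "hunter2", "correct horse battery staple"]

SALT_BYTES = 16  # 128 bits, the salt size the post says bcrypt uses


def hash_unsalted(password: str) -> str:
    """Plain SHA-256 of the password: one precomputed table cracks every user."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_salted(password: str, salt: bytes) -> str:
    """SHA-256 over salt || password. The salt is stored in clear beside the digest."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def new_salt(nbytes: int = SALT_BYTES) -> bytes:
    """Fresh random salt from the OS CSPRNG; one per stored password, never reused."""
    return os.urandom(nbytes)


def store(password: str):
    """What the server keeps for a user: (salt, digest)."""
    salt = new_salt()
    return salt, hash_salted(password, salt)


def verify(password: str, salt: bytes, digest: str) -> bool:
    """Recompute with the stored salt; constant-time compare avoids a timing side channel."""
    return hmac.compare_digest(hash_salted(password, salt), digest)


def precomputed_table(words):
    """Attacker's one-off work: digest -> word for every word in the dictionary."""
    return {hash_unsalted(w): w for w in words}


def crack_with_table(table, digest: str):
    """Instant lookup against the precomputed table; the password, or None."""
    return table.get(digest)


def table_size_needed(dictionary_size: int, salt_bits: int) -> int:
    """Entries the attacker must precompute to cover every word under every
    possible salt value: the post's n = 2**salt_bits multiplier
    (2**128 is roughly 3.4e38)."""
    return dictionary_size * (1 << salt_bits)


if __name__ == "__main__":
    table = precomputed_table(DICTIONARY)
    # Unsalted: the stolen digest is a direct key into the attacker's table.
    print("unsalted lookup:", crack_with_table(table, hash_unsalted("hunter2")))
    # Salted: same password, but the digest is not in any table built without this salt.
    salt, digest = store("hunter2")
    print("salted lookup:  ", crack_with_table(table, digest))
    print("verify right/wrong:", verify("hunter2", salt, digest), verify("hunter3", salt, digest))
    print("table entries to cover a 128-bit salt:", table_size_needed(len(DICTIONARY), 128))
```

Two salts for the same password give two unrelated digests, so the attacker cannot even tell that two users share a password, let alone amortise work across them.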
