Where to store your salt
From: Edgar Sánchez (edgar.sanchez_at_logicstudio.net)
Date: 01/24/04
- Previous message: Rob Mayo: ".NET HttpModule & NTLM Integrated Authentication"
- Next in thread: Ken Cox [Microsoft MVP]: "Re: Where to store your salt"
- Reply: Ken Cox [Microsoft MVP]: "Re: Where to store your salt"
- Reply: Derek Slager: "Re: Where to store your salt"
Date: Fri, 23 Jan 2004 22:41:26 -0500
Reviewing the code in "Building Secure Microsoft ASP.NET Applications" for
hashing passwords with salt, I see that the salt is stored in the same table
as the hashed password. The idea of using salt is to make a dictionary
attack harder, but if we store the salt close to the hashed password then the
attacker can attach the salt to the dictionary passwords and go on with
his/her attack. From what I understood of the salting technique, the salt
should be saved somewhere else. Is this right, or am I missing something?
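
The layout the post asks about, as an added example that is not part of the original message or the book's code: a random per-user salt stored in the same row as the hash. It shows that two accounts with the same password get different hashes and that a table computed ahead of time matches neither row. It uses Python's standard library with PBKDF2-HMAC-SHA256 (an assumption, since the book's routine is not shown on this page); the table layout, function names, iteration count and sample accounts are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor, chosen for this example
FIXED_SALT = bytes(16)  # stands in for "no per-user salt known in advance"


def derive(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def add_user(table: dict, name: str, password: str) -> None:
    """Store a fresh random salt in the same row as the hash."""
    salt = os.urandom(16)
    table[name] = {"salt": salt, "hash": derive(password, salt)}


def verify(table: dict, name: str, password: str) -> bool:
    """Recompute with the row's own salt and compare in constant time."""
    row = table.get(name)
    if row is None:
        return False
    return hmac.compare_digest(row["hash"], derive(password, row["salt"]))


def rows_matching_precomputed(table: dict, words: list) -> int:
    """Count rows whose hash appears in a table computed once, before
    any row's salt was known (modelled here with FIXED_SALT)."""
    precomputed = {derive(w, FIXED_SALT) for w in words}
    return sum(1 for row in table.values() if row["hash"] in precomputed)


def build_sample_table() -> dict:
    """Constructed sample data: two accounts that share one password."""
    table = {}
    add_user(table, "alice", "correct horse")
    add_user(table, "bob", "correct horse")
    return table


if __name__ == "__main__":
    users = build_sample_table()
    print("same hash for same password:", users["alice"]["hash"] == users["bob"]["hash"])
    print("login ok:", verify(users, "alice", "correct horse"))
    print("precomputed matches:", rows_matching_precomputed(users, ["correct horse", "letmein"]))
```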