Re: Importance of salt
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 09/17/05
- Previous message: Valery Pryamikov: "Re: Importance of salt"
- In reply to: Valery Pryamikov: "Re: Importance of salt"
- Next in thread: Valery Pryamikov: "Re: Importance of salt"
- Reply: Valery Pryamikov: "Re: Importance of salt"
Date: Sat, 17 Sep 2005 02:04:05 -0700
Hello Valery,
I just wanted to say "where is Valery when you need him" :)
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
> Hi,
> Dominick and William have already given you some answers, so here is
> just some additional info for you.
> You can check my older blog post:
> http://www.harper.no/valery/PermaLink,guid,ea26f2f0-31f7-4707-89eb-191940d5bf63.aspx
> where I discuss differences and relations between salts and IV.
> About passwords in cryptography - there are tons of resources, you can
> start with
> http://www.google.com/search?hl=en&q=passwords+site%3Arsasecurity.com
>
> and if you want the latest and best mathematical treatment of passwords -
> here are some recent papers on the subject from several of the best
> experts in the field:
>
> Passwords and Offline Guessing Attacks.
> O. Goldreich and Y. Lindell, "Session Key Generation using Human
> Passwords Only." Extended abstract in Proc. of Crypto 2001,
> pp. 408-32, 2001.
> J. Katz, R. Ostrovsky, and M. Yung, "Efficient and Secure
> Authenticated Key Exchange Using Weak Passwords." Extended abstract
> in Proc. of Eurocrypt 2001, pp. 475-94, 2001.
> R. Gennaro and Y. Lindell, "A Framework for Password-Based
> Authenticated Key Exchange." Extended abstract in Proc. of Eurocrypt
> 2003, pp. 524-43, 2003.
> The full online versions are:
> http://www.wisdom.weizmann.ac.il/~oded/PS/passwd3.ps
> http://www.cs.umd.edu/~jkatz/papers/password.pdf
> http://www.cs.biu.ac.il/~lindell/PAPERS/hash-password.ps
> -Valery.
> http://www.harper.no/valery
> <vla10d@gmail.com> wrote in message
> news:1126788688.707781.115640@g43g2000cwa.googlegroups.com...
>
>> Hello,
>>
>> I have one question regarding the importance of salt in encryption.
>>
>> As I understand, the salt is used to prevent dictionary attacks.
>> Also, it is recommended that the salt isn't always the same, and that
>> it should be randomly generated for each message. This random salt
>> should then be stored in the encrypted message, as a prefix for
>> example, so that it could be retrieved during the decryption.
>>
>> Now, I don't understand how this helps with dictionary attacks? For
>> example, if the attacker knows that the first 8 bytes for example are
>> salt, can't he simply modify his attacking program to include that
>> salt for each word he retrieves from the dictionary? The assumption
>> here is that the attacker gets access to the original encryption
>> software as well as the message.
>>
>> Secondly, can someone explain how the increased iterations in
>> PasswordDeriveBytes help?
>>
>> Thanks for your help,
>>
>> V.
>>
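Added example, not part of the thread and not code from any of the posters: a Python illustration of the scheme the original question describes, with a random 8-byte salt stored as a public prefix. It uses PBKDF2-HMAC-SHA256 from `hashlib` as a stand-in for .NET's PasswordDeriveBytes (which extends PBKDF1); the function names, iteration counts and sample words are assumptions. It shows that a table precomputed for one salt does not cover another message protected with the same password, and that each guess costs one full run of the iterations.

```python
import hashlib
import os
import time

SALT_LEN = 8          # the question's "first 8 bytes" prefix
ITERATIONS = 100_000  # assumed work factor, not a value from the thread

def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256, used here in place of PasswordDeriveBytes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)

def new_message_key(password: str, iterations: int = ITERATIONS):
    """Pick a fresh random salt; return (salt, key). The salt is the public prefix."""
    salt = os.urandom(SALT_LEN)
    return salt, derive_key(password, salt, iterations)

def key_for_message(password: str, blob: bytes, iterations: int = ITERATIONS) -> bytes:
    """Receiver side: read the salt prefix back and re-derive the same key."""
    return derive_key(password, blob[:SALT_LEN], iterations)

def precomputed_table(words, salt: bytes, iterations: int = ITERATIONS) -> dict:
    """Key -> word table; valid only for the one salt it was built with."""
    return {derive_key(w, salt, iterations): w for w in words}

def seconds_per_guess(iterations: int) -> float:
    """Wall-clock cost of one password guess at the given iteration count."""
    start = time.perf_counter()
    derive_key("guess", b"\x00" * SALT_LEN, iterations)
    return time.perf_counter() - start

if __name__ == "__main__":
    words = ["letmein", "password", "dragon"]  # constructed sample dictionary
    # Two messages protected with the same weak password.
    salt_a, key_a = new_message_key("letmein", 1000)
    salt_b, key_b = new_message_key("letmein", 1000)
    table_a = precomputed_table(words, salt_a, 1000)
    print("same password, same key? ", key_a == key_b)
    print("table for A covers A?    ", key_a in table_a)
    print("table for A covers B?    ", key_b in table_a)
    print("seconds per guess, 1 iteration:    ", seconds_per_guess(1))
    print("seconds per guess, 100k iterations:", seconds_per_guess(100_000))
```

Knowing the salt still lets the dictionary be tried against that one message; what the salt removes is reuse of the work across messages, and the iteration count sets the price of each individual guess.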