RE: One-way hash with Salt

From: Jeff Qiu (jefffqiu@online.microsoft.com)
Date: 01/06/03


From: jefffqiu@online.microsoft.com (Jeff Qiu)
Date: Mon, 06 Jan 2003 08:34:44 GMT


Hi Paul,

Generally, a one-way hash function has many names. Among them are message
digest, fingerprint, and compression function. A hash function is an
algorithm that takes a variable-length string as the input and produces a
fixed-length binary value (hash) as the output. The tricky part is to make
this process irreversible, that is, finding a string that produces a given
hash value should be very hard (hence the word "one-way"). It should also
be hard to find two arbitrary strings that produce the same hash value.

Both the client and server side will have the fixed hash value to do the
hash function. The one-way refers to the process of the hash, not the
digital signing process.

You may refer to the following KB about the client authentication process
during the Secure Sockets Layer (SSL) handshake.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;257586

Regards,

Jeff Qiu
jefffqiu@online.microsoft.com
Online Support Professional
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no
rights.

--------------------
>From: "paul reed" <prreed@jacksonreed.com>
>Subject: One-way hash with Salt
>Date: Sun, 5 Jan 2003 16:12:37 -0800
>microsoft.public.win2000.security
>
>I was recently directed to an article about encryption of passwords and the
>acknowledgement that it is best to use a one-way hash with a strong random
>number as the salt to generate it.
>
>I must be missing something...because how does the one way hash work? Here
>is the scenario as I understand it:
>
>1. user sets themselves up and assigns their pwrd. Instead of encrypting the
>pwd (which requires that I secure the key used to encrypt it)...I create a
>one-way hash and use this to store the pwd in the db. Since a random number
>is used to generate the hash...how is it on subsequent access by the
>client...am I able to generate the same hash value from the pwd they supply
>at login...since I would be getting a different random number to compute the
>hash? Seems to me they would never match.
>
>I am sure I am missing something here.
>
>Regards,
>
>Paul Reed
>
>
>
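
Added example, not part of the original thread: a sketch of salted one-way password storage in which the random salt is generated once when the password is set, stored beside the hash, and read back at login, so the same hash can be recomputed. The function names, the record layout, the use of PBKDF2-HMAC-SHA256 and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example
SALT_LEN = 16         # bytes of random salt per password


def derive(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """One-way, salted derivation of a password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def enroll(password: str) -> dict:
    """Run once when the password is set.

    The salt is random, but it is not secret and it is not thrown away:
    it is stored in the same record as the hash.
    """
    salt = os.urandom(SALT_LEN)
    return {
        "salt": salt.hex(),
        "iterations": ITERATIONS,
        "hash": derive(password, salt).hex(),
    }


def verify(password: str, record: dict) -> bool:
    """Run at login: reuse the stored salt instead of drawing a new one."""
    salt = bytes.fromhex(record["salt"])
    candidate = derive(password, salt, record["iterations"])
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    db = {}  # stand-in for the database table (constructed sample data)
    db["alice"] = enroll("s3cret-passphrase")
    db["bob"] = enroll("s3cret-passphrase")  # same password, different salt

    print("alice logs in:", verify("s3cret-passphrase", db["alice"]))
    print("wrong password:", verify("guess", db["alice"]))
    print("same password, same stored hash?", db["alice"]["hash"] == db["bob"]["hash"])
```

Because each record has its own salt, two users with the same password get different stored hashes, and a precomputed table of unsalted hashes does not match either of them.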


