lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.2.20.1506251830350.31785@debian> Date: Thu, 25 Jun 2015 18:40:27 +0200 (CEST) From: Stefan.Lucks@...-weimar.de To: discussions@...sword-hashing.net Subject: Re: [PHC] Why protect against side channel attacks On Thu, 25 Jun 2015, Ben Harris wrote: > On 25 Jun 2015 9:07 pm, <Stefan.Lucks@...-weimar.de> wrote: > > > > If we would assume the salt to be secret, we should not call it a "salt". > To avoid confusion, it would then deserve to be called a "key". > > I'm curious if there was any period of time since the inception of the salt > that it was considered "public". For a security engineer, there is a huge gap between considering something "not public", and assuming something "secret". > But no, the salt is better considered as "sensitive" and treated in the same > respect as the password hash. Agreed. But if the salt where "secret", one would have to generate it from some high-entropy random source -- as you would do for cryptographic keys. I have seen plenty of implementations using low entropy sources to generate "random" salts. Thus, when knowing user i's salt, you have a decent chance to guess user (i+1)'s salt. This appears to be OK ... except when the salt is *secret*. Stefan -------- I love the taste of Cryptanalysis in the morning! -------- www.uni-weimar.de/de/medien/professuren/mediensicherheit/people/stefan-lucks ----Stefan.Lucks (at) uni-weimar.de, Bauhaus-Universität Weimar, Germany----
Powered by blists - more mailing lists