  • 14
    Biases in the salt are not in themselves harmful (unlike biases in, say, a key). The salt only needs to be unique, it doesn't need to be unpredictable. A salt consisting of a MAC address (or something uniquely identifying the machine) and the time (assuming the clock doesn't go backward) would be fine. The statement that “ideally the salt characters should be equally weighted” is wrong. Commented Aug 4, 2016 at 22:50
  • 7
    @thrig No, a predictable salt does not help with dictionary attacks, because a salt does not help with dictionary attacks as such. A salt helps with attacks that target multiple accounts (more precisely: multiple hashes — also successive hashes on the same account), and for this, all that matters is that the salt is distinct for the different accounts. The unpredictability of salts is irrelevant, only their uniqueness (actually, even a low repeat count is good enough). Commented Aug 5, 2016 at 0:00
  • 8
    However, if the salt is badly generated, it doesn't inspire confidence in the rest of the crypto code. Commented Aug 5, 2016 at 6:29
  • 4
    With salts, they need to be globally unique. They don't need to be random, and they don't need to be secret. But they do need to be globally unique. It turns out this is harder to do if you try to increment a counter, or create some fancy deterministic algorithm, than just grabbing random bits from the OS RNG. If you generate 16 base64 characters randomly, then you have an n/64^16 chance of collisions. Of course, the whole point of salts is to make rainbow table attacks fruitless. In this case, a 16-character base64 salt space would be 64^15 < n < 64^16. Not a showstopper, but easily fixed. Commented Aug 5, 2016 at 17:04
  • 4
    @MontyHarder Entropy isn't a type of gasoline; you don't consume it, just like you don't consume temperature. It's a guess at the unpredictable state of your machine, just like temperature is a guess at the energy of gas molecules in a closed volume. Regardless, you should be pulling from /dev/urandom, which, once properly seeded, is indistinguishable from true random noise. Also, rolling your own design rather than grabbing data from the RNG almost guarantees that you shoot yourself in the foot. Just use /dev/urandom. Commented Aug 5, 2016 at 19:32
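
An added example (not part of the thread) for the point argued in the comments above, that a salt has to be unique rather than unpredictable: it counts the hash computations a dictionary attack needs against a shared salt, against predictable-but-unique salts, and against salts drawn from the OS RNG. The alphabet, function names, machine identifier and sample passwords are assumptions constructed for illustration.

```python
import hashlib
import secrets

# 64-symbol crypt(3)-style alphabet (assumed; the thread says only "base64 characters").
ALPHABET = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def random_salt(length=16):
    """Each character drawn uniformly from the OS CSPRNG (urandom-backed)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def predictable_salt(machine_id, counter):
    """Unique but fully predictable: machine identifier plus a never-repeating counter."""
    return f"{machine_id}:{counter}"

def hash_password(password, salt):
    # Iteration count kept low so the demo runs quickly; not a production setting.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 1000).hex()

def dictionary_attack(records, wordlist):
    """Test every word against every (salt, digest) record.
    Returns (hash computations performed, records cracked)."""
    computed = {}  # a guess hashed under one salt is reusable for all records sharing it
    cracked = 0
    for salt, digest in records:
        for word in wordlist:
            if (salt, word) not in computed:
                computed[(salt, word)] = hash_password(word, salt)
        if any(computed[(salt, w)] == digest for w in wordlist):
            cracked += 1
    return len(computed), cracked

# Constructed sample data: four accounts, five-word dictionary.
PASSWORDS = ["hunter2", "letmein", "correct horse", "letmein"]
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2"]

def build(salts):
    return [(s, hash_password(p, s)) for s, p in zip(salts, PASSWORDS)]

def run_demo():
    n = len(PASSWORDS)
    cases = {
        "shared": build(["fixedsalt"] * n),
        "predictable": build([predictable_salt("00:11:22:33:44:55", i) for i in range(n)]),
        "random": build([random_salt() for _ in range(n)]),
    }
    return {name: dictionary_attack(recs, WORDLIST) for name, recs in cases.items()}

if __name__ == "__main__":
    for name, (work, cracked) in run_demo().items():
        print(f"{name:12} hashes computed={work:3}  cracked={cracked}")
```

The same weak passwords fall in all three cases; what changes is that any set of distinct salts, predictable or not, forces the dictionary to be rehashed once per account.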