Perhaps similar to the way in which chefs change the flavor of traditional recipes by adding new ingredients, cryptographic salt adds random data to a cryptographic function, thereby altering the final output.
Salt can be kept public or private, and is often added to a cryptographic hash function in order to impede dictionary attacks. Because dictionary attacks pre-compute hashes from known inputs, altering the input with a slight amount of random data not only makes the input “uncommon,” but also drastically changes the final output.
Salted hash functions are commonly used in password and other security applications. The Linux and other UNIX operating systems use salted MD5 hashes for passwords. Take the following excerpt from a standard /etc/shadow password file:
joe:$1$kPlDsJ6j$PpNB6HafL1wayp6DHS2aN.:14276:0:99999:7:::
In this example, Joe's password happens to be “University,” a poor choice for a password as it is based on a dictionary word. If an attacker were to compute the MD5 checksum for every word in a given dictionary, it wouldn't take long to enumerate University to: 166b8adbf8dd12ae1585c015a837c1f7. However, because Joe's password has be “salted” with the value “kPlDsJ6j,” finding the MD5 equivelent of Joe's password actually becomes Crypt(”Universityk,PlDsJ6j”), which is highly unlikely to exist as an input within a dictionary attack table.
|
|
Last Updated on Saturday, 21 November 2009 09:32 |
Feed Entries 
Tech Encyclopedia 
