开发者

How strong do salts need to be?

开发者 https://www.devze.com 2022-12-15 03:37 出处:网络
How strong do salts need to be? At the moment I use this function to generate a \"unique\" salt upon user registration:

How strong do salts need to be?

At the moment I use this function to generate a "unique" salt upon user registration:

$salt = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyz'), 0, 12);

I then hash it with sha1 along with the password.

What do you think开发者_StackOverflow中文版?

PS. I'm not planning on getting MySpace big.


When it comes to security it's not really an issue of how strong your salt is, it's an issue of how computationally expensive the hashing function is. SHA1 and MD5 are cheap. If you're going to stick with fast (weak) hashing functions - and this may be perfectly acceptable for small sites, I don't mean to imply otherwise - then I wouldn't worry about just how cryptographically-random the salt is. As long as it's random, it'll serve its purpose of eliminating precisely one attack vector (rainbow tables).


The purpose of random salts is to ensure that a simple rainbow table won't work to decrypt the passwords, should the database table be leaked. If each record has its own salt, a new rainbow table would be needed for every single row.

Your shuffling approach is fine. The main point is for the salts to be DIFFERENT for each record, so that a single rainbow table won't compromise the whole table of passwords. The "strength" of the salts isn't as important.


The method of shuffling characters and taking the first 12 is equivalent to picking (without repetitions) 12 characters when the order matters. You have 36!/(36-12)! ~~ 2^59 possible ways of doing this.

If you pick all 12 elements (with possible repetitions) from the set of 36 letters, there are 36^12 ~~2^62 possible ways of doing it.

So in the method you used you end up with around 59 bits of entropy. I would say it's sufficient for any application and gives only 8 times less combinations that picking elements with repetitions.


How strong a salt is all depends on how worried you are about security. You could simply salt it with the username (not very strong,) or you could generate a unique salt for each user, as you did.

If you're really worried, you could also create an encryption key, and encrypt each of these.

The more you add to it, the stronger it will, be, obviously. It's all just how worried about security you are.

You could try adding some special characters to that salt and it would be a lot stronger.


Salt lengths of 12 characters or more are difficult to crack but you can easily make your salts stronger by using other characters too i.e. upper case letters and special characters.

You are already salting your hash and ensuring each record has it's own individual salt which is very important.


Any sufficiently random salt is strong "enough". The more randomness and more characters your salt has, the better for the hash, but anything that's several characters long and random works.

Here's some interesting links on password security:

  • http://en.wikipedia.org/wiki/Password_cracking
  • http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html
  • http://www.codinghorror.com/blog/archives/000953.html
0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号