[colug-432] Hash and salt, where does the salt go ?
Tom Hanlon
tom at functionalmedia.com
Mon Jan 6 17:08:35 EST 2014
Colug,
Just catching up on MD5, SHA1 and associated collision issues.
Along the way I came across the Wikipedia article on salt.
http://en.wikipedia.org/wiki/Salt_%28cryptography%29
I thought I understood the add salt and then hash process.
But then I thought again, it has been a long time since I had to talk about
Bob, Alice and Ted trying to share secrets. So I need a refresher.
If Alice has a password after her cat, fluffy.
And we go to store that password we would hash it.
Before we hash it we add some salt (now I am getting hungry for some
salted hash)
So fluffy => salt+fluffy => hash => password file
Then when Alice goes to log in she types
fluffy => we add salt => salt+fluffy => hash
if hash == password file then she can access her bank account, if not she
has to tell us her Mom's maiden name and her high school mascot.
So the question I have is..
The article describes the salt as randomly generated when the password is
created.
Where do we store it?
Obviously her newly generated Salt has to be kept on the authenticator's
tool in some fashion.
Did I just ask a question or propose a meeting topic? Or both?
Anyhow..
Where is the salt??
** Note that although I added some humor (I hope) here and there, I am
serious. Where is the salt lookup table stored?
--
Tom
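
The store-and-check flow described in the message above, as an added example that is not part of the original post: the random salt is not secret and is written into the same password-file record as the hash, so the login check reads it back from there (the layout used by crypt(3)-style `$id$salt$hash` entries). Assumptions: PBKDF2-HMAC-SHA256 stands in for the single hash step, and the record format, `make_record` and `verify` are hypothetical names for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "pbkdf2-sha256"   # assumed label for this example's record format
ITERATIONS = 100_000       # assumed work factor


def make_record(password: str, salt: Optional[bytes] = None) -> str:
    """Build the password-file field: scheme$iterations$salt$hash (hex)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt each time a password is set
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Read the salt back out of the stored record, re-hash, compare."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed or truncated record
    if scheme != SCHEME or rounds < 1:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(digest, stored)  # constant-time comparison


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    password_file = {"alice": make_record("fluffy"), "ted": make_record("fluffy")}
    for user, record in password_file.items():
        print(f"{user}:{record}")  # same password, different salt and hash
    print(verify("fluffy", password_file["alice"]))
    print(verify("mittens", password_file["alice"]))
```

Because each record carries its own salt, identical passwords produce different stored values, and no separate salt lookup table is needed.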