<div dir="ltr"><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div><div>Colug, <br><br></div>Just catching up on MD5 SHA1 and associated collision issues. <br><br></div>Along the way I came across the wikipedia article on salt. <br>
<br><a href="http://en.wikipedia.org/wiki/Salt_%28cryptography%29">http://en.wikipedia.org/wiki/Salt_%28cryptography%29</a><br><br></div>I thought I understood the add salt and then hash process. <br><br></div>But then I thought again, it has been a long time since I had to talk about Bob alice and Ted trying to share secrets. So I need a refresher. <br>
<br></div>If Alice has a password after her cat, fluffy. <br><br></div>And we go to store that password we would hash it. <br><br></div>Before we hash it we add some salt ( now I am getting hungry for some salted hash) <br>
<br></div>So fluffy = > salt+fluffy =>hash => password file<br><br></div>Then when alice goes to login she types <br><br></div>fluffy => we add salt => salt+fluffy => hash <br><br></div>if hash == password file then she can access her bank account, if not she has to tall use her Mom's maiden name and her high school mascot. <br>
<br></div>So the question I have is..<br></div>The article describes the salt as randomly generated when the password is created. <br><br></div>Where do we store it ? <br><br></div>Obviously her newly generated Salt has to be kept on the authenticator's tool in some fashion. <br>
<br></div>Did I just ask a question or propose a meeting topic ? Or both ?<br><br></div>Anyhow.. <br><br></div>where is the salt ??<br><br></div>** note that although I added some humor (I hope) here and there, I am serious. Where is the salt lookup table stored ? <br>
<br>--<br></div>Tom <br></div>