I have been doing some reading on the salted hash and I know that I never setup a salt for servers. We are doing some documentation for our security people and the question came up about the salt and if it differs for each user, or if the same salt is used?
Thanks, Eric Speake Web Systems Administrator O'Reilly Auto Parts (417) 862-2674 Ext. 1975
This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS � 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.
On Tue, Mar 18, 2014 at 09:49:36AM -0500, espeake@oreillyauto.com wrote:
I have been doing some reading on the salted hash and I know that I never setup a salt for servers. We are doing some documentation for our security people and the question came up about the salt and if it differs for each user, or if the same salt is used?
The basic idea of a salted hash is that the salt is different for every user so that a rainbow table of hashes is only useful for a single password.
Usually, the salt is randomized when a hash is generated.
Greetings Marc
Thanks Marc. That's what I was getting out of it as well but I wanted to check to be sure.
Eric Speake Web Systems Administrator O'Reilly Auto Parts (417) 862-2674 Ext. 1975
From: Marc Haber mh+openldap-technical@zugschlus.de To: openldap-technical@openldap.org Date: 03/18/2014 10:12 AM Subject: Re: Fw: Salted hashes Sent by: openldap-technical-bounces@OpenLDAP.org
On Tue, Mar 18, 2014 at 09:49:36AM -0500, espeake@oreillyauto.com wrote:
I have been doing some reading on the salted hash and I know that I never setup a salt for servers. We are doing some documentation for our
security
people and the question came up about the salt and if it differs for each user, or if the same salt is used?
The basic idea of a salted hash is that the salt is different for every user so that a rainbow table of hashes is only useful for a single password.
Usually, the salt is randomized when a hash is generated.
Greetings Marc
-- -----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 31958061 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062
-- This message has been scanned for viruses and dangerous content, and is believed to be clean. Message id: 9899260142D.AEEF2
This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS � 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.
espeake@oreillyauto.com wrote:
I have been doing some reading on the salted hash and I know that I never setup a salt for servers. We are doing some documentation for our security people and the question came up about the salt and if it differs for each user, or if the same salt is used?
It would be a poor salt if it was reused for multiple users. If you understand why a salt is used, the answer should be obvious.
openldap-technical@openldap.org
-
espeake@oreillyauto.com -
Howard Chu -
Marc Haber