encryption - Block ciphers SALT: clear text or secret? -

-

There are many articles and quotes on the Web that a 'salt' should be kept secret even on Wikipedia entry :

For the best protection, the value of salt is kept secret, the password is different from the database. It provides a benefit when the database is stolen but not salt. In order to set a password from the stolen hash, an attacker can not try the normal password (such as the word or name of the English language). Rather, they have to count the swans of random characters (at least those who know about input are salt), which is very slow.

Since I know about a fact, encryption salt (or initial vector) is okay to store on clear text with encrypted text, I Is ask?

My idea is that the origin of the problem is a common misconception between encryption salt ( initial vector of block cipher) and hashing 'salt'. It is a common practice to add a common, or 'salt' to the collection of hashed passwords, and this (minor) is true that 'salt' is kept secret, in lieu it does not make salt, But there is a key similar to the very clearly designated Secret . If you added the article to Wikipedia 'salt' entry you will see that this is the kind of 'salt' you are talking about, has a password hash I disagree with most of these plans because I believe that password Storage plans should also be allowed, in this case only the potential storage user name is the Highest Digest: realm: password, see.

If you have any opinion on this issue, please post it as a response here.

  1. Do you think the salt should be hidden for cipher encryption? Explain why and how .
  2. Do you agree that the blanket details 'salts should be hidden' is generated by salted hashing and does not apply to encryption?
  3. Can we include REP ciphers (RC4) in the discussion?

If you are talking about IV, in block cipher, it definitely Should be clear from Most people secretly make their peers weak IV

The fourth should be random, each encryption should be different, it is very difficult to manage a random IV. Some people only use a certain IV, defeating the purpose of IV.

I used to work with a password with a password, which was encrypted with secret IV. The same password is always encrypted with the same cipher text. This rainbow table is very prone to attack.


Comments

Post a Comment

Popular posts from this blog

asp.net - Javascript/DOM Why is does my form not support submit()? -

-
This is my first time working with asp.net and javascript, so I do not know very good web resources, or Much about javascript debugging I have to find out that on line oFormObject.submit (); Microsoft JScript Runtime Error: Object does not support this property or method I am using the link to work as a button because I am terrible in aesthetics and I think That link will look more professional than a table of 50 buttons. I have read that this solution can cause problems with browsers due to pre-rendering of my links and many additional traffic and problems, but CSS gives me a button like a link, which has issues of alignment and difference seemed to. & lt ;! DOCTYPE HTML PUBLIC "- // W3C // DTD HTML 4.01 // N" "http://www.w3.org/TR/html4/strict.dtd"> & Lt; Html xmlns = "http://www.w3.org/1999/xhtml" & gt; & Lt; Head & gt; & Lt; Link rel = "stylesheet" type = "text / css" href = "defect differen
Read more

sockets - Delphi: TTcpServer, connection reset when reading -

-
I am trying to implement one for Delphi, but there are some problems with communication. Fitnesse will start my process, and give me a portmember as a command line argument. Then I should make a socket on the port number given to me, and fitness will connect to that port I am using a TCPCP server for the job: < Pre> TcpServer1.LocalPort: = ParamStr (ParamCount); TcpServer1 Active: = true; On OnEXEPT () -Event, I send the protocol version to use as specified in the protocol. Process TForm1.TcpServer1Accept (From: TOBject; ClientSocket: TCustomIpClient); Var s: ansistring; Start clientSocket. Syndrome ('slim - v 0.0', # 10); SetLength (S, 6); ClientSketts Receavebook (S, 6); End; When I call ReceiveBuf (), the process ends, and fitness throws an exception: java.net.SocketException: connection Reset I have seen what sent and received. It shows that my code sends the protocol version, fitness sends back a message, and when I try to get this message
Read more

javascript - Classic ASP "ExecuteGlobal" statement acting differently on two servers -

-
I have a strange problem that I really do not know. In addition to developing a new ASP.NET site, I have to support the old "classic ASP" site. It is written in VBScript with a batch of JavaScript functions. Many of the JavaScript functions include 'files' Everything is fine on our production system (which security is controlled by another group - this is a military installation) Debugging them once did not work I). However, I have a fix for a vague bug that needs to be fully tested and some functions do not run under the "local" copy of the website that runs on my PC. For the record, I am running IIS 5.1 on XP. The problem is that some Javascript functions are running "OK" on the production server, but when they use it as a server, they are not defined on my PC what is happening that last Programmer, for some reason, has decided to put some functions in a series of files, which according to the observations, imitate the "need_once
Read more