Browse by Tags

Tagged Content List
  • Blog Post: You Want Salt With That? Part Four: Challenge-Response

    My friend Kristen asked me over the weekend when I was going to stop blogging about crypto math and say something funny again. Everyone's a critic! Patience, my dear. Today, the final entry in my series on salt. Tomorrow, who knows? *********************** So far we've got a system whereby the server...
  • Blog Post: You Want Salt With That? Part Three: Salt The Hash

    Last time we were considering what happens if an attacker gets access to your server's password file. If the passwords themselves are stored in the file, then the attacker's work is done. If they're hashed and then stored, and the hash algorithm is strong, then there's not much to do other than to hash...
  • Blog Post: You Want Salt With That? Part Two: We Need A Hash

    OK, we want to sketch out an authentication system which is sufficiently secure against common attacks even if all the details of the system are known to the attacker. Let's start with a simple system, take a look at what its vulnerabilities are, and see if we can mitigate them: System #1 The client...
  • Blog Post: You Want Salt With That? Part One: Security vs Obscurity

    A poster to one of the Joel On Software fora the other day asked what a "salt" was (in the cryptographic sense, not the chemical sense!) and why it's OK to make salts public knowledge. I thought I might talk about that a bit over the next few entries. But before I do, let me give you all my standard...