Browse by Tags

• You Want Salt With That? Part Four: Challenge-Response

  My friend Kristen asked me over the weekend when I was going to stop blogging about crypto math and say something funny again. Everyone's a critic! Patience. my dear. Today, the final entry in my series on salt. Tomorrow, who knows? *********************** Read More... Posted Monday, February 07, 2005 10:28 AM by Eric Lippert | 21 Comments Filed under: Security, Salt

• You Want Salt With That? Part Three: Salt The Hash

  Last time we were considering what happens if an attacker gets access to your server's password file. If the passwords themselves are stored in the file, then the attacker's work is done. If they're hashed and then stored, and the hash algorithm is strong, Read More... Posted Thursday, February 03, 2005 6:53 AM by Eric Lippert | 21 Comments Filed under: Security, Salt

• You Want Salt With That? Part Two: We Need A Hash

  OK, we want to sketch out an authentication system which is sufficiently secure against common attacks even if all the details of the system are known to the attacker. Let's start with a simple system, take a look at what its vulnerabilities are, and Read More... Posted Monday, January 31, 2005 8:32 AM by Eric Lippert | 22 Comments Filed under: Security, Salt

• You Want Salt With That? Part One: Security vs Obscurity

  A poster to one of the Joel On Software fora the other day asked what a "salt" was (in the cryptographic sense, not the chemical sense!) and why it's OK to make salts public knowledge. I thought I might talk about that a bit over the next few entries. Read More... Posted Friday, January 28, 2005 10:24 AM by Eric Lippert | 13 Comments Filed under: Security, Salt