[8262] in cryptography@c2.net mail archive


Re: migration paradigm (was: Is PGP broken?)

daemon@ATHENA.MIT.EDU (Paul Crowley)
Mon Dec 11 17:55:31 2000

To: Ray Dillinger <bear@sonic.net>
Cc: Enzo Michelangeli <em@who.net>, cryptography@c2.net
From: Paul Crowley <paul@cluefactory.org.uk>
Date: 11 Dec 2000 12:11:05 +0000
In-Reply-To: Ray Dillinger's message of "Sun, 10 Dec 2000 10:56:27 -0800 (PST)"
Message-ID: <87k897jgyu.fsf@hedonism.subnet.hedonism.cluefactory.org.uk>

Ray Dillinger <bear@sonic.net> writes:
> There are times and places where you can use salt, and times and places 
> where you can't.  In order to use salt with a passphrase, you have to 
> store it somewhere.  And that means that a person who has only the 
> ciphertext and the passphrase cannot decrypt.  If you use salt, then 
> the ciphertext can be decrypted only in an environment where that 
> particular salt is available.  That makes it nearly useless for 
> networks or backups.

Eh?  Salt is not secret.  For networks, it's essentially broadcast on
request; password protocols like SRP start with the client sending a
request for Alice's salt and the server returning it, though in SRP
other information is piggybacked with those packets.  For backups, the 
salt is stored right next to the ciphertext.  Salt is not intended to
provide extra password entropy, only to force attackers to treat every 
instance of a key guessing problem separately.
-- 
  __
\/ o\ paul@cluefactory.org.uk
/\__/ http://www.cluefactory.org.uk/paul/
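The storage point made above (salt kept in the clear right next to the ciphertext or verifier, so the passphrase plus the stored blob is all a legitimate decryptor needs) and the work-factor point (each salted record is a separate guessing problem) are shown below as an added example; this is not code from the thread or from any project discussed in it. The record layout (16 random bytes of salt followed by a 32-byte verifier), the use of PBKDF2-HMAC-SHA256, and the iteration count are assumptions chosen for the illustration; SRP, mentioned in the message, is a different protocol and is not what this implements.

```python
import hashlib
import hmac
import os

SALT_LEN = 16          # assumed layout: 16-byte salt, then 32-byte verifier
KEY_LEN = 32
ITERATIONS = 100_000   # illustrative cost parameter, not from the thread


def derive(passphrase: str, salt: bytes) -> bytes:
    """Salted, iterated key derivation (PBKDF2-HMAC-SHA256, assumed here)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, ITERATIONS, dklen=KEY_LEN)


def make_record(passphrase: str) -> bytes:
    """Build a stored record: the salt is public and sits beside the verifier.

    This is the 'stored right next to the ciphertext' arrangement: anything
    that holds the record (a backup tape, a server database) also holds the
    salt, so no separate secret channel for the salt is needed.
    """
    salt = os.urandom(SALT_LEN)
    return salt + derive(passphrase, salt)


def split_record(record: bytes) -> tuple[bytes, bytes]:
    """Recover (salt, verifier) from a stored record."""
    if len(record) != SALT_LEN + KEY_LEN:
        raise ValueError("malformed record")
    return record[:SALT_LEN], record[SALT_LEN:]


def verify(passphrase: str, record: bytes) -> bool:
    """Check a passphrase using only the passphrase and the record itself."""
    salt, stored = split_record(record)
    return hmac.compare_digest(derive(passphrase, salt), stored)


def unsalted_verifier(passphrase: str) -> bytes:
    """Contrast case: with no salt, equal passphrases give equal verifiers,
    so one computed guess can be compared against every stored record."""
    return derive(passphrase, b"")


def guesses_shared_across_records(records: list[bytes]) -> bool:
    """True if one derivation per guess would cover all records, i.e. the
    records share a salt. With per-record random salts this is False and the
    attacker must redo the derivation for every (guess, record) pair."""
    salts = {split_record(r)[0] for r in records}
    return len(salts) == 1


if __name__ == "__main__":
    alice = make_record("correct horse battery staple")
    bob = make_record("correct horse battery staple")   # same passphrase
    print("alice verifies:", verify("correct horse battery staple", alice))
    print("records identical:", alice == bob)            # False: salts differ
    print("one guess covers both:", guesses_shared_across_records([alice, bob]))
```

Because the salt travels inside the record, a backup can be restored and decrypted on any machine with nothing but the passphrase, which is the situation the quoted objection thought impossible; what the salt buys is that Alice's and Bob's records, even with identical passphrases, cannot be attacked with a single shared computation.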

