翻訳と辞書
Salt (cryptography) : English Wikipedia
Salt (cryptography)

In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes a password or passphrase. (Salts are closely related to the concept of a nonce.) The primary function of salts is to defend against dictionary attacks on a list of password hashes and against pre-computed rainbow table attacks.
A new salt is randomly generated for each password. In a typical setting, the salt and the password are concatenated and processed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the salt in a database. Hashing allows for later authentication while protecting the plaintext password in the event that the authentication data store is compromised.
Cryptographic salts are broadly used in many modern computer systems, from Unix system credentials to Internet security.
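The per-password salting scheme described above, as an added example that is not part of the original article. It assumes PBKDF2-HMAC-SHA256 from the Python standard library in place of a single hash of the concatenation, and the iteration count, salt length, record layout and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this example
SALT_BYTES = 16       # 128-bit salt, versus the 12 bits of early Unix

def derive(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for the page's "cryptographic hash function".
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def new_record(password: str) -> dict:
    """Fresh random salt per password; store salt and hash, never the password."""
    salt = secrets.token_bytes(SALT_BYTES)
    return {"salt": salt.hex(), "hash": derive(password, salt).hex()}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    expected = bytes.fromhex(record["hash"])
    return hmac.compare_digest(derive(password, bytes.fromhex(record["salt"])), expected)

def precomputed_table(candidates, salt: bytes) -> dict:
    """Hash -> password table; valid only for the single salt it was built with."""
    return {derive(c, salt).hex(): c for c in candidates}

def demo() -> dict:
    # Constructed sample data: two accounts that share one password.
    alice, bob = new_record("correct horse"), new_record("correct horse")
    fixed_salt = bytes(SALT_BYTES)  # models a scheme that reuses one salt
    table = precomputed_table(["123456", "correct horse", "letmein"], fixed_salt)
    return {
        "identical_hashes": alice["hash"] == bob["hash"],
        "right_password_ok": verify("correct horse", alice),
        "wrong_password_ok": verify("letmein", alice),
        "fixed_salt_hit": derive("correct horse", fixed_salt).hex() in table,
        "random_salt_hits": sum(r["hash"] in table for r in (alice, bob)),
    }

if __name__ == "__main__":
    print(demo())
```

A table built for one salt value matches only records that used that salt, which is why the number of possible salt values multiplies the precomputation an attacker would have to store.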
==Unix implementations==

Earlier versions of Unix used a password file (/etc/passwd) to store the hashes of salted passwords (passwords prefixed with two-character random salts). In these older versions of Unix, the salt was also stored in the passwd file (as cleartext) together with the hash of the salted password. The password file was publicly readable for all users of the system. This was necessary so that user-privileged software tools could find user names and other information. The security of passwords is therefore protected only by the one-way functions (enciphering or hashing) used for the purpose.
Early Unix implementations limited passwords to 8 characters and used a 12-bit salt, which allowed for 4,096 possible salt values. While 12 bits was sufficient for the 1970s, by 2005 disk storage had become inexpensive; so much so that an attacker could pre-compute the hashes of millions of common passwords, including all 4,096 possible salt variations for each password, and store the precomputed values on a single hard drive. An attacker with a larger budget could build a disk farm with all 6-character passwords and the most common 7- and 8-character passwords stored in hashed form for all 4,096 possible salt values.
To prove this, simply assume usernames use only the 95 printable ASCII characters (1 byte each), and add up all the possible combinations of characters in these 6-character passwords (95^n), then add the number of bytes it takes to store all common 7- and 8-letter words, then multiply the result by 4,096 to find that the result is not unattainable with a set of modern, multi-terabyte data drives:
:\left(\sum_{n=1}^{6} 95^n + \left(24{,}029 \cdot 7\right) + \left(29{,}766 \cdot 8\right)\right)\,\mathrm{B} \cdot 4096 \approx 2767.9\,\mathrm{TB}

Excerpt source: the free encyclopedia Wikipedia

Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.