Ray Dillinger <[EMAIL PROTECTED]> writes:
> There are times and places where you can use salt, and times and places 
> where you can't.  In order to use salt with a passphrase, you have to 
> store it somewhere.  And that means that a person who has only the 
> ciphertext and the passphrase cannot decrypt.  If you use salt, then 
> the ciphertext can be decrypted only in an environment where that 
> particular salt is available.  That makes it nearly useless for 
> networks or backups.

Eh?  Salt is not secret.  For networks, it's essentially broadcast on
request; password protocols like SRP start with the client sending a
request for Alice's salt and the server returning it, though in SRP
other information is piggybacked with those packets.  For backups, the 
salt is stored right next to the ciphertext.  Salt is not intended to
provide extra password entropy, only to force attackers to treat every 
instance of a key guessing problem separately.
-- 
  __
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
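
The backup case described in the reply above, as an added example that is not part of the original message: the salt is written in the clear next to the ciphertext, so the blob and the passphrase alone are enough to decrypt. The container layout, the names and the SHAKE-256 XOR stream (a stdlib-only stand-in for a real AEAD such as AES-GCM) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAGIC = b"PWBK1"       # constructed container tag (assumption)
SALT_LEN = 16
TAG_LEN = 32
ITERATIONS = 50_000    # illustrative PBKDF2 work factor, tune for real use


def derive_keys(passphrase, salt):
    """Stretch passphrase + public salt into an encryption key and a MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                              ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _xor_stream(key, data):
    # Stand-in cipher: XOR with SHAKE-256 output. Each key is used for one
    # blob only, because every blob gets a fresh random salt.
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_blob(passphrase, plaintext):
    """Return MAGIC || salt || tag || ciphertext; the salt travels in the clear."""
    salt = os.urandom(SALT_LEN)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ct = _xor_stream(enc_key, plaintext)
    tag = hmac.new(mac_key, MAGIC + salt + ct, hashlib.sha256).digest()
    return MAGIC + salt + tag + ct


def salt_of(blob):
    """Read the public salt back out of the blob header."""
    return blob[len(MAGIC):len(MAGIC) + SALT_LEN]


def open_blob(passphrase, blob):
    """Decrypt using only the blob and the passphrase."""
    head = len(MAGIC) + SALT_LEN
    if len(blob) < head + TAG_LEN or not blob.startswith(MAGIC):
        raise ValueError("not a recognised blob")
    salt, tag, ct = salt_of(blob), blob[head:head + TAG_LEN], blob[head + TAG_LEN:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, MAGIC + salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or corrupted blob")
    return _xor_stream(enc_key, ct)
```

Sealing the same plaintext twice under one passphrase yields two different salts and two unrelated keys, so work spent guessing against one blob does not carry over to the other.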
