Salt (cryptography)

From Free net encyclopedia

In cryptography, a salt consists of random bits used as one of the inputs to a key derivation function. The other input is usually a password or passphrase. The output of the key derivation function is often stored as the encrypted version of the password. It can also be used as a key for use in a cipher or other cryptographic algorithm. A salt value is typically used in a hash function.

The salt value may or may not be protected as a secret. In either case the additional salt data makes it more difficult to conduct a dictionary attack using pre-encryption of dictionary entries, as each bit of salt used doubles the amount of storage and computation required.

In some protocols, the salt is transmitted in the clear with the encrypted data, sometimes along with the number of iterations used in generating the key (for key strengthening). Cryptographic protocols that use salts include SSL and Ciphersaber.

Early Unix systems used a 12-bit salt, but modern implementations use more.

Salt is very closely related to the concept of nonce.

[edit]