
Sign with salt

Posted Jul 1, 2009 6:28 UTC (Wed) by xoddam (subscriber, #2322)
In reply to: Sign with salt by forthy
Parent article: Dealing with weakness in SHA-1

To clarify -- I don't think I'm disagreeing with you -- a salt has to be shared if a third party is to check the signature.

Effectively, someone can provide you with a document to sign, and instead of signing the document they give you, you add some nonce to it and sign the result instead. The nonce (salt) can be from /dev/urandom or some ASCII art or whatever. Then you and/or the originating party can forward the document you *did* sign, including the nonce, to whomever it concerns.

The reason for not salting with your own public key is not that other people *can* know your public key; but that an attacker doesn't know it in advance and therefore cannot prepare two documents with the same hash *and* the same salt before presenting one to you to sign.

Historically, salts were used for preventing dictionary attacks on /etc/passwd on the same principle: an attacker might know all the words in the dictionary in advance, but cannot possibly pre-compute each of them with every possible salt. But if /etc/passwd is world-readable, the attacker knows a much smaller range of possible salts in advance too, hence /etc/shadow and hence your recommendation for randomness.
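The salted-signing scheme this comment describes, as an added example that is not the commenter's or LWN's code: a toy 24-bit hash stands in for weakened SHA-1 so that a precomputed collision is cheap to produce, and the signer's fresh nonce, appended before hashing, is what makes that collision useless to the attacker. The document texts, function names and length-prefixed nonce encoding are constructed for the demonstration.

```python
import hashlib
import os

# Toy hash: SHA-256 truncated to 24 bits so a collision can be found in
# milliseconds. It stands in for the weakened SHA-1 the article discusses.
DIGEST_BYTES = 3

def weak_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()[:DIGEST_BYTES]

def find_colliding_pair(prefix_a: bytes, prefix_b: bytes, table_size: int = 8192):
    """Birthday search for two documents, one starting with each prefix,
    that collide under weak_hash. This is the attacker's preparation step;
    it happens before anything is presented to the signer."""
    table = {}
    for i in range(table_size):
        doc = prefix_a + b" ref=" + str(i).encode()
        table.setdefault(weak_hash(doc), doc)
    for i in range(2_000_000):
        doc = prefix_b + b" ref=" + str(i).encode()
        match = table.get(weak_hash(doc))
        if match is not None:
            return match, doc
    raise RuntimeError("no collision found within search bound")

def salted_input(doc: bytes, nonce: bytes) -> bytes:
    """What the signer actually hashes: the document with the nonce appended.
    A length prefix keeps the document/nonce boundary unambiguous."""
    return len(doc).to_bytes(4, "big") + doc + nonce

def sign_with_salt(doc: bytes, nonce=None):
    """Signer picks a fresh nonce after seeing the document and commits to
    doc||nonce. The digest stands in for the signature (a real signature
    would be computed over this digest)."""
    if nonce is None:
        nonce = os.urandom(16)
    return weak_hash(salted_input(doc, nonce)), nonce

def verify_with_salt(doc: bytes, nonce: bytes, signed_digest: bytes) -> bool:
    """A third party recomputes the salted digest; it needs the nonce, which
    is why the salt must travel with the signed document."""
    return weak_hash(salted_input(doc, nonce)) == signed_digest

def demo():
    benign, malicious = find_colliding_pair(b"Pay 10 EUR to Bob", b"Pay 10000 EUR to Mallory")
    assert weak_hash(benign) == weak_hash(malicious)   # unsalted: the collision holds
    digest, nonce = sign_with_salt(benign)             # signer salts, then "signs"
    # The signature covers doc||nonce, so the precomputed twin no longer verifies.
    return verify_with_salt(benign, nonce, digest), verify_with_salt(malicious, nonce, digest)
```

`demo()` returns `(True, False)`: the benign document verifies against its salted signature, the colliding one does not.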


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds