Re: Fw: Salted hashes

[espeake@oreillyauto.com]

Thanks Marc.  That's what I was getting out of it as well but I wanted to
check to be sure.


Eric Speake
Web Systems Administrator
O'Reilly Auto Parts
 (417) 862-2674  Ext. 1975



From:	Marc Haber <mh+openldap-technical@zugschlus.de>
To:	openldap-technical@openldap.org
Date:	03/18/2014 10:12 AM
Subject:	Re: Fw: Salted hashes
Sent by:	openldap-technical-bounces@OpenLDAP.org



On Tue, Mar 18, 2014 at 09:49:36AM -0500, espeake@oreillyauto.com wrote:
> I have been doing some reading on the salted hash and I know that I never
> setup a salt for servers.  We are doing some documentation for our
security
> people and the question came up about the salt and if it differs for each
> user, or if the same salt is used?

The basic idea of a salted hash is that the salt is different for
every user so that a rainbow table of hashes is only useful for a
single password.

Usually, the salt is randomized when a hash is generated.

Greetings
Marc

--
-----------------------------------------------------------------------------

Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062


--
This message has been scanned for viruses and dangerous content,
and is believed to be clean.
  Message id: 9899260142D.AEEF2




This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.