Ask a Question related to ASP.NET Security, Design and Development.
-
Edgar Sánchez #1
Where to store your salt
Reviewing the code in "Building Secure Microsoft ASP.NET Applications" for
hashing passwords with salt, I see that the salt is stored in the same table
as the hashed password. The idea of using salt is to make a dictionary
attack harder but if we store the salt close to the hashed password then the
attacker can attach the salt to the dictionary passwords and go on with
his/her attack. From what I understood of the salting technique, the salt
should be saved somewhere else; is this right or am I missing something?
Edgar Sánchez Guest
-
Ken Cox [Microsoft MVP] #2
Re: Where to store your salt
Some people store the salt in the web.config.
"Edgar Sánchez" <edgar.sanchez@logicstudio.net> wrote in message
news:%23xEGHwi4DHA.504@TK2MSFTNGP11.phx.gbl...
> Reviewing the code in "Building Secure Microsoft ASP.NET Applications" for
> hashing passwords with salt, I see that the salt is stored in the same
> table
> as the hashed password. The idea of using salt is to make a dictionary
> attack harder but if we store the salt close to the hashed password then
> the
> attacker can attach the salt to the dictionary passwords and go on with
> his/her attack. For what I understood of the salting technique, the salt
> should be saved somewhere else, is this right or I am missing something?
>
Ken Cox [Microsoft MVP] Guest
-
Derek Slager #3
Re: Where to store your salt
On Fri, 23 Jan 2004 22:41:26 -0500, Edgar Sánchez wrote:
> Reviewing the code in "Building Secure Microsoft ASP.NET Applications" for
> hashing passwords with salt, I see that the salt is stored in the same table
> as the hashed password. The idea of using salt is to make a dictionary
> attack harder but if we store the salt close to the hashed password then the
> attacker can attach the salt to the dictionary passwords and go on with
> his/her attack. For what I understood of the salting technique, the salt
> should be saved somewhere else, is this right or I am missing something?
Salt values are primarily used to prevent dictionary attacks using
pre-computed hashes. It's better to store it separately, but unless they
have already computed the hashes for their dictionary using the exact same
salt value they still have work to do.
-Derek
Derek Slager Guest
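
The point about pre-computed hashes, as an added example that is not part of the thread or of the book's code: a random per-user salt kept in the same row as the hash still makes a table of digests built in advance useless, and gives two users with the same password different stored values. The names `PasswordRecord`, `Create` and `Verify`, the choice of PBKDF2-HMAC-SHA256, the iteration count and the sample accounts are assumptions of this example; it needs .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Constructed illustration; PasswordRecord, Create and Verify are hypothetical names.
record PasswordRecord(string User, byte[] Salt, byte[] Hash);

static class SaltDemo
{
    const int Iterations = 100_000;   // assumed work factor, tune for your hardware
    const int SaltBytes = 16, HashBytes = 32;

    // Salted, iterated hash (PBKDF2-HMAC-SHA256, chosen for this example).
    static byte[] Derive(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);

    // The salt is random per user and is returned for storage in the same row as the hash.
    public static PasswordRecord Create(string user, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        return new PasswordRecord(user, salt, Derive(password, salt));
    }

    // Verification re-reads the stored salt; the comparison is constant time.
    public static bool Verify(PasswordRecord rec, string attempt) =>
        CryptographicOperations.FixedTimeEquals(Derive(attempt, rec.Salt), rec.Hash);

    static void Main()
    {
        // Constructed sample accounts: two users who chose the same password.
        var alice = Create("alice", "letmein");
        var bob = Create("bob", "letmein");

        // A table of unsalted digests built in advance, before any salt was known.
        var precomputed = new HashSet<string>();
        foreach (var word in new[] { "letmein", "password", "123456" })
            precomputed.Add(Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(word))));

        string aliceHex = Convert.ToHexString(alice.Hash), bobHex = Convert.ToHexString(bob.Hash);
        Console.WriteLine($"same password, same stored hash? {aliceHex == bobHex}");
        Console.WriteLine($"alice found in precomputed table? {precomputed.Contains(aliceHex)}");
        Console.WriteLine($"bob found in precomputed table?   {precomputed.Contains(bobHex)}");
        Console.WriteLine($"correct password verifies: {Verify(alice, "letmein")}");
        Console.WriteLine($"wrong password verifies:   {Verify(alice, "letmeout")}");
    }
}
```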




