[lug] [OT] sha1 algorithm, no salt?
D. Stimits
stimits at attbi.com
Mon Sep 9 16:36:27 MDT 2002
I'm looking at some NIST web pages on the sha1 one-way hash algorithm,
and it seems odd that it looks like it does not use any kind of seed or
salt value. Is this correct, that sha1 just takes data, and does not
require a sepate seed? Reference:
http://www.itl.nist.gov/fipspubs/fip180-1.htm
http://csrc.nist.gov/publications/fips/fips180-1/fips180-1.pdf
Generating a salt/seed seems to be both a way of increasing the size of
dictionary that a dictionary attack would require, as well as a weakness
in some of the other algorithms used for passwords. Is this really what
it looks like to me, no more salt?
D. Stimits, stimits AT attbi.com
More information about the LUG
mailing list