On Friday 12 July 2002 10:26 am, Alan Rouse wrote:
You'd be better off using a random function to generate the salt, rather than using a timestamp. Assuming your computer's clock is set somewhere close to true time (or that the delta can be learned), if I know when you changed your password I could use this information to accelerate my attack by making informed guesses about the salt value.
This is a very good point. Now that I think about it, a field in the database will have the last password change timestamp in cleartext, to support things like password expirations. So this will be an especially important issue on this system. I'll use /dev/random to generate salt (though it's not truly "salt" in the crypt() sense, if I understand correctly the prior discussion of that function). The good news is that on a web server there should be plenty of entropy to make /dev/random a good entropy source. Thanks for the comments. As you mention in your second note, this is probably a non-issue given the low criticality of my data, but since it is so easy to fix the vulnerability, there is no reason not to do so.

Scott

-- 
-----------------------+------------------------------------------------------
Scott Courtney         | "I don't mind Microsoft making money. I mind them
courtney@4th.com       | having a bad operating system." -- Linus Torvalds
http://4th.com/        | ("The Rebel Code," NY Times, 21 February 1999)
                       | PGP Public Key at http://4th.com/keys/courtney.pubkey
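The point Alan makes above, that a cleartext "last changed" timestamp lets an attacker narrow a timestamp-derived salt to a small window, and Scott's fix of drawing the salt from the kernel random source, worked through as an added example. This is not code from the thread; it assumes a hypothetical scheme where the hash is PBKDF2-HMAC-SHA256 with a 16-byte salt, the weak variant derives the salt from the whole-second Unix time of the password change, and the attacker knows that time to within some window of seconds. The timestamp and password are constructed sample values.

```python
"""Added example (not from the original thread): why a timestamp is a poor
salt, and how to draw one from the OS random source instead.

Assumptions (hypothetical, for illustration): the password hash is
PBKDF2-HMAC-SHA256 with a 16-byte salt; the weak scheme uses the whole-second
Unix time of the password change as its salt; the attacker learns that time
to within +/- `window` seconds (e.g. from a cleartext last-changed column).
"""
import hashlib
import os
import secrets
import struct

ITERATIONS = 10000  # illustrative work factor; tune for a real deployment


def timestamp_salt(change_time: int) -> bytes:
    """Weak scheme: the salt is nothing but the password-change time."""
    return struct.pack(">Q", change_time)


def random_salt(nbytes: int = 16) -> bytes:
    """Fix: salt from the OS CSPRNG. On Linux os.urandom reads /dev/urandom,
    the non-blocking interface to the same pool /dev/random draws from."""
    return os.urandom(nbytes)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def attacker_recovers_salt(stored_hash: bytes, candidate_password: str,
                           known_change_time: int, window: int):
    """Attacker model: knowing the change time to within +/- window seconds,
    try each timestamp-derived salt against a candidate password. Returns the
    salt that verifies, or None. Against a 16-byte random salt the same search
    covers 2*window+1 of 2**128 possibilities, so it finds nothing."""
    for t in range(known_change_time - window, known_change_time + window + 1):
        salt = timestamp_salt(t)
        if secrets.compare_digest(hash_password(candidate_password, salt), stored_hash):
            return salt
    return None


def demo():
    """Returns (weak_salt_recovered, random_salt_survives)."""
    password = "correct horse"          # constructed sample value
    change_time = 1026469560            # constructed: roughly 12 July 2002 UTC
    # The real change happened a few seconds after the attacker's estimate.
    weak_hash = hash_password(password, timestamp_salt(change_time + 7))
    weak_found = attacker_recovers_salt(weak_hash, password, change_time, window=60)
    # Same attack against a hash salted from the OS random source.
    strong_hash = hash_password(password, random_salt())
    strong_found = attacker_recovers_salt(strong_hash, password, change_time, window=60)
    return weak_found is not None, strong_found is None


if __name__ == "__main__":
    print(demo())  # expect (True, True)
```

The search loop is the whole point: a salt whose value is a function of something the attacker can read (or estimate) shrinks the work from "one dictionary pass per possible salt" to "one dictionary pass per second in the window". A random salt does nothing to slow a single targeted guess; what it removes is the attacker's ability to know the salt before seeing the hash.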