0

Just out of curiosity (since I know the established password hashing libraries should provide "proper" random salts), would a combination of the user login and the respective site's domain (or a hash of that combination) make sense as a salt? It would by construction be unique per user and domain and would not fall prey to a broken RNG implementation. If a timestamp of password change is added to that combination, even a reused earlier password would yield a new hash.

Tobias Kienzler
  • 7,578
  • 10
  • 43
  • 66
  • 1
    Possible duplicate of [Do salts have to be random, or just unique and unknown?](https://security.stackexchange.com/questions/41617/do-salts-have-to-be-random-or-just-unique-and-unknown). One answer there specifically addresses the combination of user name and domain. But to cite the main aspect from there: *"... __this whole discussion is really moot in practice__. Generating random salts is easy and fast."*. In other words: why even care about complex not-so-random schemes when using random is both easier and more secure. – Steffen Ullrich Apr 05 '19 at 08:32
  • @SteffenUllrich Perfect, thanks! I guess "The only requirement of a salt is to be _globally_ unique. It doesn't have to be random and it most certainly does not have to be unknown." is the relevant here, plus the warning about potentially predefined rainbow tables _if_ the domain and user names are predictable enough. The timestamp would already improve that... – Tobias Kienzler Apr 05 '19 at 08:37
  • Of course I agree the discussion is rather moot - _if_ the PRNG doesn't suck – Tobias Kienzler Apr 05 '19 at 08:39
  • If you have a timestamp with a granularity of one second the unpredictability is somewhat improved but only marginally compared to what proper random would provide. And it might even be further narrowed down to be totally useless, since for example in lots of sites it is visible when users were created and the chance is high that the user never changed its initial password. – Steffen Ullrich Apr 05 '19 at 08:43
  • @SteffenUllrich True (though that information is something I dislike having published anyway), and even a not-so-easy-to-guess-domain-"name" would basically just be a pepper Oh well, nice hypothetical discussion though – Tobias Kienzler Apr 05 '19 at 08:45

0 Answers0