2

I'm working on a web API. We are going to use Hmac256 for signature hashing. From what I can gather, the secret is a key used to initialize the hash algorithm (ie to generate a random number). The salt is appended to the content, to make it harder to decrypt.

The API will be used by a few clients and the data is not very sensitive (for now). We will be doing IP filtering on our server.

What is the best practice, using a salt, a secret, or both ? It's kind of cumbersome for the client to have both I think.

ThunderDev
  • 123
  • 3
  • possible duplicate of [How to securely hash passwords?](http://security.stackexchange.com/questions/211/how-to-securely-hash-passwords) – RoraΖ Nov 24 '14 at 12:25

1 Answers1

1

Salts and secrets serve different purposes when you're creating a MAC. The secret (the key) is used to prevent existential forgeries, or in other words, to prevent an attacker from creating an equally valid MAC on a tampered message. Without the key, you have no integrity, and you've essentially turned the MAC into a hash. So, you need the key.

A salt, on the other hand, is only useful with a MAC if you are creating signatures for identical messages and need to prevent information leakage. If you create signatures for the same message twice, using the same key, then the MACs will by design be identical. If you don't want attacker to be able to discern whether the messages being signed are identical or not, then you need a salt. If the messages are not identical, as would be the case with encrypt-then-MAC, for instance, where you might rely on an initialization vector to make the ciphertext you're creating the MAC for unique, then you do not need a salt.

Xander
  • 35,525
  • 27
  • 113
  • 141
  • To get different signatures with the same message, the salt would need to change every time ? – ThunderDev Nov 24 '14 at 16:37
  • @ThunderDev Yes, that is correct. If it does not change, it is no longer a salt, in fact. – Xander Nov 24 '14 at 16:39
  • Ok, I'm not sure how I could achieve that in my scenario considering the client and server need to know the salt. I would have to give the client a list of salts.. I will make do without. Cheers – ThunderDev Nov 25 '14 at 09:22
  • I think you're allowed to pass the salt to the server with the message. Salts aren't meant to be secret. – mwardm Dec 02 '16 at 10:22