Ticket History #1620: should have option to randomize salt at pw change

# Fri Jun 20 16:16:54 2003 raeburn (Ken Raeburn) - Ticket created

To:	krb5-bugs@MIT.EDU
Subject:	should have option to randomize salt at pw change
From:	Ken Raeburn <raeburn@MIT.EDU>
Date:	Fri, 20 Jun 2003 16:16:49 -0400

Download (untitled) / with headers
text/plain 452B

As I'm writing up in the AES draft, always using a known salt string
for a given principal allows an attacker to build up a dictionary of
keys from a password dictionary, and save intermediate results to
re-use even if the iteration count is varied when the password is
changed.

We should have an option to randomize the salt string when the
password is changed. For AES, at least; I don't think it would do any
harm for other encryption types.

Ken

# Sun Jul 26 03:32:12 2009 raeburn (Ken Raeburn) - Comments added

Download (untitled) / with headers
text/plain 121B

See also http://k5wiki.kerberos.org/wiki/Projects/Random_Salt_Generation for a more detailed
proposal and some analysis.

# Tue May 27 15:25:27 2014 ghudson@mit.edu (Greg Hudson) - Status changed from 'new' to 'resolved'

# Tue May 27 15:25:27 2014 ghudson@mit.edu (Greg Hudson) - Comments added

Download (untitled) / with headers
text/plain 177B

Fixed by #6964. It's not perfect; the "special" salt type generates 64
bits of salt entropy and there's no way to configure that. But at a
coarse level the feature is there.

# Tue May 27 15:25:42 2014 ghudson@mit.edu (Greg Hudson) - Tags nochange added

# Tue May 27 15:25:42 2014 ghudson@mit.edu (Greg Hudson) - Ticket 1620 RefersTo ticket 6964.