A "strong" salt

Posted: Fri Dec 14, 2007 11:44 am
by Chalks
What makes a salt "strong"?

A salt that I've used before is "56v2jxa9er73qse".

Posted: Sat Dec 15, 2007 2:58 am
by feyd
You want a maximum amount of entropy. You also want a salt long enough so that the hash must take at least two passes to complete the computation.

Posted: Sat Dec 15, 2007 7:58 am
by Chalks
The way I generated the salt was by using a random number/letter generator that I found online somewhere. Is that enough entropy?

Also, how long does my string need to be to force the hash algorithm to pass through it twice? I'm using your sha256 class and my string is a minimum of 27 characters.

Thanks :)

Edit: I'm not entirely sure what is meant by "entropy" in this context.

Posted: Sat Dec 15, 2007 9:11 am
by feyd
SHA256 requires a minimum of 64 bytes of input to make two passes.

Entropy:
  1. Symbol S For a closed thermodynamic system, a quantitative measure of the amount of thermal energy not available to do work.
  2. A measure of the disorder or randomness in a closed system.
  3. A measure of the loss of information in a transmitted message.
  4. The tendency for all matter and energy in the universe to evolve toward a state of inert uniformity.
  5. Inevitable and steady deterioration of a system or society.

Posted: Sat Dec 15, 2007 9:27 am
by Chalks
As usual you've been very helpful.

Thanks, feyd.
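
The two quantities discussed in this thread, salt entropy and the number of SHA-256 block passes for a given input length, worked through as an added example (not code from the thread and not feyd's sha256 class). The function names are hypothetical, Python's standard library stands in for the class mentioned above, and the entropy figure assumes every character was drawn uniformly and independently from lowercase letters and digits.

```python
import hashlib
import math
import secrets
import string

BLOCK = 64  # SHA-256 processes its input in 64-byte blocks


def sha256_blocks(n_bytes: int) -> int:
    """Number of 64-byte blocks SHA-256 processes for an n_bytes message.

    Padding appends one 0x80 byte, zero bytes, and an 8-byte length field,
    so at least 9 bytes are added before rounding up to a whole block.
    """
    return (n_bytes + 9 + BLOCK - 1) // BLOCK


def uniform_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a string whose characters are drawn uniformly and
    independently from the alphabet; the maximum for that length."""
    return length * math.log2(alphabet_size)


def new_salt(n_bytes: int = 64) -> bytes:
    """Salt taken from the operating system CSPRNG: 8 bits per byte."""
    return secrets.token_bytes(n_bytes)


def salted_hash(salt: bytes, password: str) -> str:
    """Hex SHA-256 digest of salt followed by the UTF-8 password."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    thread_salt = "56v2jxa9er73qse"  # the salt quoted in the first post
    alphabet = string.ascii_lowercase + string.digits  # assumed alphabet
    bits = uniform_entropy_bits(len(thread_salt), len(alphabet))
    print(f"{len(thread_salt)} chars: at most {bits:.1f} bits of entropy")

    # Input lengths (salt plus password, in bytes) and the blocks they need.
    for n in (27, 55, 56, 64):
        print(f"{n} bytes -> {sha256_blocks(n)} block(s)")

    salt = new_salt()
    # "constructed-password" is a made-up sample value.
    print(salted_hash(salt, "constructed-password"))
```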