Possible Duplicate:
What is the optimal length for user password salt?

I have a database like below:

create table user (id int primary key auto_increment,
     username varchar(64),
     password varchar(128), # sha512 hash of password
     password_salt varchar(128) # sha512 hash of a random number used as salt
)

Is this a good idea for ensuring password security with a salt? How long should a salt be? I assume that it can't hurt to have a 128-bit (SHA-512) salt, but I've been wrong before.

  • Hashing a salt doesn't increase security. What matters is the total number of salt values and that they have a uniform distribution. – outis Sep 15 '11 at 22:40
  • SHA-512 generates a 512-bit (64 byte) value. If you've got a good random number, you don't need to hash it. Using 512 bits for the salt will provide good protection, but you're likely to find that even 64-bits is enough. – Jonathan Leffler Sep 15 '11 at 22:41
  • @outis `password = sha512(raw_password + sha512(random_number_between_zero_and_a_billion()))` – Naftuli Kay Sep 15 '11 at 22:44
  • @Jonathan Leffler: Overkill for the win! – Naftuli Kay Sep 15 '11 at 22:44

1 Answer

I have several comments:

  • Salts should be random and unique per user, but they don't have to be a hash digest. The idea of a salt is just to make the hash digest unique per user to resist dictionary attacks and rainbow table attacks. The salt doesn't add to the strength of the hash digest algorithm, regardless of the salt's length.

  • DES uses 12 bits for the salt. Updated UNIX password systems use more, up to 128 bits.

  • If you want stronger passwords, consider using bcrypt or PBKDF2.

  • FWIW, a SHA-512 hash digest (encoded as hex digits) is always exactly 128 characters, regardless of the length of the input. So I'd use CHAR(128) instead of VARCHAR(128). Use BINARY(2) or BINARY(3) for the salt.

  • The advantage of using `bcrypt` or `PBKDF2` over a plain hash is the most important thing since it slows down brute force attacks. The randomness of the salt isn't super important since as Bill said its most important property is uniqueness, and for that 128-bit is plenty. – CodesInChaos Sep 15 '11 at 23:00
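The following is an added example (not code from the question or the answer) that puts the answer's points together: a raw 128-bit salt from the OS CSPRNG with no extra hashing, PBKDF2-HMAC-SHA512 instead of a single SHA-512 pass, a fixed-width hex digest that fits a CHAR(128) column, and a constant-time comparison on verification. The iteration count, salt length, column names and function names are this example's own assumptions, not values from the thread; the "records" are an in-memory stand-in for the `user` table.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; tune the iteration count to your hardware.
SALT_BYTES = 16             # 128-bit salt: unique per user is what matters, not its length
PBKDF2_ITERATIONS = 210_000  # work factor that makes offline brute force expensive
HASH_NAME = "sha512"
DKLEN = 64                  # 64-byte derived key -> exactly 128 hex characters -> CHAR(128)


def new_salt() -> bytes:
    """Random salt straight from the OS CSPRNG. Hashing it would add nothing."""
    return os.urandom(SALT_BYTES)


def unsalted_sha512(password: str) -> str:
    """What the question's schema computes for the password column: a plain
    SHA-512 digest. Identical passwords give identical digests, so one
    precomputed table cracks every user who chose that password."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def derive_key(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> str:
    """PBKDF2-HMAC-SHA512 over the password with a per-user salt, returned as hex."""
    dk = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt,
                             iterations, dklen=DKLEN)
    return dk.hex()


def make_record(username: str, password: str) -> dict:
    """Build the row you would insert: fixed-width hex digest, hex salt, and the
    iteration count so the work factor can be raised later without a flag day."""
    salt = new_salt()
    return {
        "username": username,
        "password": derive_key(password, salt),  # 128 hex chars
        "password_salt": salt.hex(),             # 32 hex chars, or BINARY(16) raw
        "iterations": PBKDF2_ITERATIONS,
    }


def verify(record: dict, candidate: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["password_salt"])
    actual = derive_key(candidate, salt, record["iterations"])
    return hmac.compare_digest(record["password"], actual)


def demo() -> dict:
    # Constructed sample users who happen to share a password.
    alice = make_record("alice", "correct horse")
    bob = make_record("bob", "correct horse")
    return {
        "unsalted_collide": unsalted_sha512("correct horse") == unsalted_sha512("correct horse"),
        "salted_differ": alice["password"] != bob["password"],
        "alice_ok": verify(alice, "correct horse"),
        "alice_wrong": verify(alice, "Correct Horse"),
        "digest_len": len(alice["password"]),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The stored digest is always 128 hex characters, so CHAR(128) is the right column type; the salt is 32 hex characters, or BINARY(16) if stored raw. Storing the iteration count alongside the hash lets you raise the work factor for users as they next log in.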