In method two, the user generates the salt, so it can be whatever the user wants it to be. But this means the user must remember both the salt and the password
David David Wilson wrote:
On Wed, 2009-09-23 at 16:17 -0400, Santosh Chokhani wrote:I agree, but revealing the salt or not revealing the salt is not assecurity relevant.which brings us back to Kurt's point about how does the client know whatsalt to use, if the server holds the hashed password+salt.----- www.x500standard.com: The central source for information on the X.500 Directory Standard.
-- ------------------------------------------------------------- The Israeli group Breaking the Silence has just released a collection of testimonies by Israeli soldiers that took part in the Gaza attack lastDecember and January. The testimonies expose significant gaps between the official stances of the Israeli military and events on the ground.
See http://www.shovrimshtika.org/news_item_e.asp?id=30 The Israeli government defies Obama, and continues its settlement expansionIsrael plans to allocate $250 million over the next two years for settlements
http://www.palestinecampaign.org/index7b.asp?m_id=1&l1_id=4&l2_id=24&Content_ID=698 whilst simultaneously continuing to bulldoze Palestinian homes http://salsa.democracyinaction.org/o/301/t/9462/campaign.jsp?campaign_KEY=27357 ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@xxxxxxxxxx Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 ***************************************************************** ----- www.x500standard.com: The central source for information on the X.500 Directory Standard.