From 52ce04f4a2cba9699ca0ab24877e7cad4d8e39e5 Mon Sep 17 00:00:00 2001 From: leo Date: Thu, 25 May 2023 13:11:03 +0200 Subject: [PATCH] tex: update rainbow tables sec --- tex/abbreviations.tex | 1 + tex/text.tex | 11 ++++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/tex/abbreviations.tex b/tex/abbreviations.tex index 0fa6ba9..17b21e2 100644 --- a/tex/abbreviations.tex +++ b/tex/abbreviations.tex @@ -7,6 +7,7 @@ \begin{tabular}{ll} SHA & Secure Hash Algorithm \\ AES & Advanced Encryption Standard \\ +CSPRNG & Cryptographically Secure Pseudo-Random Number Generator \\ ID & Identity \\ PID & Process ID \\ diff --git a/tex/text.tex b/tex/text.tex index 749caaf..51cba41 100644 --- a/tex/text.tex +++ b/tex/text.tex @@ -140,11 +140,12 @@ message: the password. One of the popular counter-measures to pre-computed tables is adding a \emph{salt} to the user-provided password before passing it to the KDF (Key Derivation Function) or the hash function. Of course, the salt should be random -per-user and not reused, as that would mean two users with the same password -would still end up with the same hash, and the salt should also be adequately -long to be effective. As the salt is supposed to be random, it would be a good -idea to use an actual CSPRNG (Cryptographically Secure Pseudo-Random Number -Generator), such as \textbf{Fortuna}~\cite{fortuna} as a source. +\textbf{per-user} and not reused, as that would mean that two users with the +same password would still end up with the same hash, and the salt should also +be adequately long to be effective. As the salt is supposed to be +\emph{random}, it would be a good idea to use an actual CSPRNG, such as +\textbf{Fortuna}~\cite{fortuna} as a source of entropy (randomness). In +FreeBSD, Fortuna is in fact the one serving \texttt{/dev/random}. \n{3}{TLS}\label{sec:tls}