tex: update rainbow tables sec
This commit is contained in:
parent
f350b0d555
commit
52ce04f4a2
SSH Key Fingerprint:
SHA256:Dp8+iwKHSlrMEHzE3bJnPng70I7LEsa3IJXRH/U+idQ
@ -7,6 +7,7 @@
|
||||
\begin{tabular}{ll}
|
||||
SHA & Secure Hash Algorithm \\
|
||||
AES & Advanced Encryption Standard \\
|
||||
CSPRNG & Cryptographically Secure Pseudo-Random Number Generator \\
|
||||
|
||||
ID & Identity \\
|
||||
PID & Process ID \\
|
||||
|
||||
11
tex/text.tex
11
tex/text.tex
@ -140,11 +140,12 @@ message: the password.
|
||||
One of the popular counter-measures to pre-computed tables is adding a
|
||||
\emph{salt} to the user-provided password before passing it to the KDF (Key
|
||||
Derivation Function) or the hash function. Of course, the salt should be random
|
||||
per-user and not reused, as that would mean two users with the same password
|
||||
would still end up with the same hash, and the salt should also be adequately
|
||||
long to be effective. As the salt is supposed to be random, it would be a good
|
||||
idea to use an actual CSPRNG (Cryptographically Secure Pseudo-Random Number
|
||||
Generator), such as \textbf{Fortuna}~\cite{fortuna} as a source.
|
||||
\textbf{per-user} and not reused, as that would mean that two users with the
|
||||
same password would still end up with the same hash, and the salt should also
|
||||
be adequately long to be effective. As the salt is supposed to be
|
||||
\emph{random}, it would be a good idea to use an actual CSPRNG, such as
|
||||
\textbf{Fortuna}~\cite{fortuna} as a source of entropy (randomness). In
|
||||
FreeBSD, Fortuna is in fact the one serving \texttt{/dev/random}.
|
||||
|
||||
|
||||
\n{3}{TLS}\label{sec:tls}
|
||||
|
||||
Reference in New Issue
Block a user