Pepper (cryptography) – Wikipedia

Cryptographic mystery, more secure than a salt
In cryptanalysis, a pepper is a clandestine added to an input such as a password during hashing with a cryptanalytic hashish function. This value differs from a salt in that it is not stored alongside a password hash, but quite the pepper is kept separate in some other medium, such as a Hardware Security Module. [ 1 ] note that the National Institute of Standards and Technology never refers to this respect as a pepper but rather as a secret salt. A pepper is like in concept to a salt or an encoding key. It is like a salt in that it is a randomized prize that is added to a password hash, and it is similar to an encoding cardinal in that it should be kept confidential. A pepper performs a comparable function to a salt or an encoding key, but while a salt is not secret ( merely unique ) and can be stored alongside the hash output, a pepper is confidential and must not be stored with the end product. The hash and strategic arms limitation talks are normally stored in a database, but a pepper must be stored individually to prevent it from being obtained by the attacker in case of a database rupture. [ 2 ] Where the salt only has to be long enough to be unique per user, a pepper should be long enough to remain secret from beast force attempts to discover it ( NIST recommends at least 112 bits ) .

history [edit ]

The mind of a site- or service-specific salt ( in addition to a per-user strategic arms limitation talks ) has a hanker history, with Steven M. Bellovin proposing a local parameter in a Bugtraq mail in 1995. [ 3 ] In 1996 Udi Manber besides described the advantages of such a scheme, terming it a secret salt. [ 4 ] The condition pepper has been used, by analogy to salt, but with a variety of meanings. For model, when discussing a challenge-response scheme, pepper has been used for a salt-like quantity, though not used for password storage ; [ 5 ] it has been used for a data infection technique where a capsicum must be guessed ; [ 6 ] and even as a depart of jokes. [ 7 ]

The term pepper was proposed for a secret or local parameter stored individually from the password in a discussion of protecting passwords from rainbow table attacks. [ 8 ] This usage did not immediately catch on : for exemplar, Fred Wenzel added documentation to Django password hashing for repositing based on a combination of bcrypt and HMAC with individually stored nonces, without using the term. [ 9 ] usage has since become more common. [ 10 ] [ 11 ] [ 12 ]

Types [edit ]

There are multiple unlike types of capsicum :

  • A secret unique to each user.[ citation needed]
  • A shared secret that is common to all users.[2]
  • A randomly-selected number that must be re-discovered on every password input.[13]

Shared Secret Pepper [edit ]

In the case of a shared-secret pepper, a single compromised password ( via password recycle or other attack ) along with a exploiter ‘s salt can lead to an attack to discover the pepper, rendering it ineffective. If an attacker knows a plaintext password and a drug user ‘s salt, angstrom well as the algorithm used to hash the password, then discovering the pepper can be a matter of beastly forcing the values of the pepper. This is why NIST recommends the mystery value be at least 112 bits, so that discovering it by exhaustive search is intractable. The pepper must be generated afresh for every application it is deployed in, otherwise a rupture of one application would result in lower security of another lotion. Without cognition of the pepper, other passwords in the database will be far more unmanageable to extract from their hashed values, as the attacker would need to guess the password vitamin a well as the pepper.

A pepper adds security to a database of salts and hashes because unless the attacker is able to obtain the pepper, cracking even a single hash is intractable, no count how weak the master password. flush with a number of ( salt, hashish ) pair, an attacker must besides guess the privy pepper in club to find the password which produces the hash. The NIST specification for a confidential salt suggests using a Password-Based Key Derivation Function ( PBKDF ) with an approve Pseudorandom Function such as HMAC with SHA-3 as the hash officiate of the HMAC. The NIST recommendation is besides to perform at least 1000 iterations of the PBKDF, and a further minimum 1000 iterations using the secret salt in locate of the non-secret salt .

Unique Pepper Per User [edit ]

In the lawsuit of a pepper which is unique to each exploiter, the tradeoff is gaining extra security at the cost of storing more data securely. Compromising one password hash and revealing its secret capsicum will have no effect on other password hashes and their secret pepper, so each pepper must be individually discovered, which greatly increases the time taken to attack the password hashes .

randomly Selected Pepper [edit ]

In the subject of a randomly-selected pepper which is not saved at all, it must be rediscovered every time it is needed. This means that an algorithm to verify a password would effectively need to brute-force the pepper every fourth dimension. For this reason, algorithm implementing this would not want to use a large value for the pepper, as confirmation should be sanely fast. [ citation needed ]

See besides [edit ]

References [edit ]

Leave a Reply

Your email address will not be published.