Salt Values
Salt values make up a portion of many session keys, as shown.
As with the key bits, the salt bits also consist of random data. The
difference is that the key bits must be kept secret at all costs, while the salt values
are made public. When exchanging keys using the CryptoAPI, the key bits are
transmitted inside of encrypted key blobs. The salt bits, on the other hand, are
transmitted in plaintext form.
The size of the salt values will vary, depending on the CSP used. For example,
the Microsoft RSA Base Provider uses salt values of 88 bits and key values of
40 bits, for a total key size of 128 bits. Even though the salt bits make up
part of each encryption key, they are usually ignored when discussing keys and
key sizes. That is, when talking about Microsoft RSA Base Provider encryption
keys, we refer to them as 40-bit keys.
Salt values are most useful when transmitting or storing large amounts of
nearly identical packets using the same encryption key. Normally, two identical
packets would encrypt into two identical ciphertext packets. However, this would
indicate to an eavesdropper that the packets are identical and, thus, could be
attacked simultaneously. But, if the salt value is changed with every packet
sent, then a completely different ciphertext packet will always be generated, even
if the plaintext packets are the same.
Because salt values need not be kept secret and can be transmitted in
plaintext form bundled with each ciphertext packet, it is much easier to change salt
values once per packet than it would be to change the key value itself.
Applications should generate salt values with the
CryptGenRandom function. It is important that each salt value be completely different from
the others, particularly when using stream ciphers.
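The effect described above, as an added example that is not part of the original page and is not CryptoAPI code: a Python model of a 40-bit secret combined with an 88-bit public salt into a 128-bit stream cipher key. The choice of RC4, the key-then-salt byte layout, and all function names are assumptions for illustration; `secrets.token_bytes` stands in for CryptGenRandom.

```python
import secrets

KEY_BYTES = 5    # 40 secret key bits, per the text
SALT_BYTES = 11  # 88 public salt bits, per the text

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR of the data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def new_salt() -> bytes:
    # Stand-in for CryptGenRandom: one CSPRNG-generated salt per packet.
    return secrets.token_bytes(SALT_BYTES)

def seal(secret: bytes, salt: bytes, packet: bytes) -> bytes:
    """Return salt || ciphertext; the salt travels in plaintext."""
    if len(secret) != KEY_BYTES or len(salt) != SALT_BYTES:
        raise ValueError("expected 40 key bits and 88 salt bits")
    # Assumed layout: secret bits followed by salt bits form the 128-bit key.
    return salt + rc4(secret + salt, packet)

def open_packet(secret: bytes, blob: bytes) -> bytes:
    """Split off the public salt, rebuild the full key, and decrypt."""
    salt, body = blob[:SALT_BYTES], blob[SALT_BYTES:]
    if len(secret) != KEY_BYTES or len(salt) != SALT_BYTES:
        raise ValueError("expected 40 key bits and 88 salt bits")
    return rc4(secret + salt, body)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

if __name__ == "__main__":
    secret = secrets.token_bytes(KEY_BYTES)
    packet = b"STATUS=OK;SEQ=0001"  # constructed sample packet
    fixed = bytes(SALT_BYTES)       # constructed all-zero salt, reused on purpose
    print("reused salt, same ciphertext:", seal(secret, fixed, packet) == seal(secret, fixed, packet))
    a, b = seal(secret, new_salt(), packet), seal(secret, new_salt(), packet)
    print("fresh salts, same ciphertext:", a[SALT_BYTES:] == b[SALT_BYTES:])
```

With a reused salt the keystream repeats, so `xor` of two ciphertext bodies equals `xor` of the two plaintexts; this is why unique salts matter most for stream ciphers.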