How long should a salt be to make it infeasible to attempt dictionary attacks?

后端 未结 6 1453
萌比男神i
萌比男神i 2021-02-07 12:52

I\'m designing an authentication system that works like the following:

  1. User enters password
  2. Salt is generated.
  3. Password is hashed with whirlpool<
6条回答
  •  天涯浪人
    2021-02-07 13:17

    Book:

    Cryptography Engineering: Design Principles and Practical Applications

    by Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno

    21.2.1 Salting and Stretching

    Since bits are cheap, for simplicity we suggest using a 256-bit salt.

提交回复
热议问题