How many bytes should salt be?

Ideally, every salt should be at least as long as the output of the hash. If the hash function used produces 256 bits (32 bytes) of output, the salt should be at least 32 bytes long.

Does salt need to be secret?

Hiding a salt is unnecessary. A different salt should be used for every hash. In practice, this is easy to achieve by getting 8 or more bytes from a cryptographic-quality random number generator.

Is salting legal?

One of the ways unions organize workers is by salting—when a union organizer gets a job at a company with the intent of organizing workers from within. Salting is legal, but employers tend to not be too fond of people who do it.

How big should the n-bit salt be?

If you use n-bit salts, the chance of a collision becomes non-negligible once you reach about 2^(n/2) generated values. There are about 7 billion people on this planet, and it seems safe to assume that they, on average, own fewer than 1000 passwords each, so the worldwide number of hashed passwords must be somewhat lower than 2^42.7.

How much space does a bit of salt take?

Every bit of salt doubles the space required for the lookup table. So, 8 bytes (64 bits) would result in a space multiplier of 16 million terabytes—taking the total space well into the yottabyte range (and probably beyond the reach of most attackers).

How big of a salt do you need to crack a password?

So you should have at least one unique salt per password so that only one password can be cracked at a time. Ideally, use an already proven password storage scheme. Since bits are cheap, for simplicity we suggest using a 256-bit salt. 8 bytes are sufficient.
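
The following is an added example, not part of the original page: it evaluates the birthday bound from the n-bit salt answer at the 2^42.7 estimate and stores a password with a fresh salt per record. PBKDF2-HMAC-SHA256, the iteration count and all function names are assumptions of this example.

```python
import hashlib
import hmac
import math
import secrets

SALT_BYTES = 32        # 256-bit salt, same length as a SHA-256 output
ITERATIONS = 600_000   # assumed PBKDF2 work factor; tune for your hardware


def collision_probability(salt_bits: int, num_salts: float) -> float:
    """Birthday approximation: P ~= 1 - exp(-k^2 / 2^(n+1)) for k random n-bit salts."""
    return -math.expm1(-(num_salts ** 2) / 2.0 ** (salt_bits + 1))


def hash_password(password: str) -> tuple[bytes, bytes]:
    """Return (salt, digest); the salt is stored in the clear beside the digest."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh CSPRNG salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    worldwide = 2 ** 42.7  # upper estimate of hashed passwords taken from the text
    for bits in (32, 64, 128, 256):
        p = collision_probability(bits, worldwide)
        print(f"{bits:3d}-bit salt: P(some two salts collide) ~ {p:.3g}")
    # Constructed sample: two accounts that chose the same password.
    first = hash_password("correct horse")
    second = hash_password("correct horse")
    print("records differ despite equal passwords:", first != second)
    print("verification succeeds:", verify_password("correct horse", *first))
```

A collision here means two stored passwords share a salt, so a single guess can be tested against both; it does not by itself reveal either password.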

How many terabytes is a 64 bit salt?

So, 8 bytes (64 bits) would result in a space multiplier of 16 million terabytes—taking the total space well into the yottabyte range (and probably beyond the reach of most attackers). A salt is used to add additional random bits to the password to make certain attacks less efficient. So the more entropy the salt adds, the better.