Add Salt To Make Your Encryptions Better
There are few things that aren't better once salt has been added, and encryptions are no different. Adding a salt can make a simple encryption exponentially harder to break/crack. "Salt data complicates dictionary attacks that use pre-encryption of dictionary entries: Each bit of salt used doubles the amount of storage and computation required" (Wikipedia). You can see that by adding a good sized salt, the encryption can become very difficult to break by dictionary or other brute force attacks. A lot of programmers rely entirely on the md5 encryption for storing passwords because it is built into both PHP and MySQL. While md5 is an easy function to implement, it is pretty easily reversed using rainbow tables. Thankfully, there are many other available encryption options that include salt, and the best part about adding salt to your encryption is how easily it can be done.
- PHP - crypt("string to encrypt","salt")
- Perl - crypt("string to encrypt","salt")
- ASP - Set crypt = Server.CreateObject("Persits.CryptoManager")
Set ctx = crypt.OpenContext("", True)
Set hash = ctx.CreateHash
hash.AddText Request("string to encrypt") & salt
hashvalue = hash.Value.Hex
- Ruby On Rails - "string to encrypt".crypt("salt")
- Python - crypt("string to encrypt","salt")
Now that you have added salt to your encryption, I'm sure you would like to know how much more secure that encrypted string really is. This is actually a very easy calculation. Let's say for example that you know your users are creating easy passwords that they can remember and are therefore picking words out of the dictionary. The users are picking from let's say around 100,000 of the words in the English language. Using encryption without salt, basic brute force attacks would have to compute 100,000 hashes to find the correct one. On the other hand, if you take their password from the dictionary and add a salt, using say a 32 bit salt, the same size as md5 encryption, you multiply the word possibilities by the salt possibilities; see below:
- Password Possibilities: 100,000
- Salt Possibilities: 2^32
Hash calculations needed = 100,000 * 2^32 Hash calculations needed = 429,496,729,600,000
This basic calculation shows that simply adding a salt makes the encryption 4,294,967,296 times harder to break.