Re^2: Generating random characters for a salt.

That's certainly interesting, but it seems strange to go to those lengths to get a random number and then limit it to a hex string. Granted, I'm not exactly a cryptography expert, but don't you want the largest possible pool of characters?

Comment on Re^2: Generating random characters for a salt.

Replies are listed 'Best First'.
Re^3: Generating random characters for a salt. by fenLisesi (Priest) on Aug 31, 2007 at 08:02 UTC
If you are given these rules: Your salt must be N characters long or shorter N is a small integer then, yes, you would want a big char set. That is not the case with salts, however. Heck, you could restrict yourself to two characters and still be arbitrarily uhm... arbitrary by making the string longer. The incredibly-randomness and terribly-hard-to-guessness of a salt is not critical: it is going to be hashed again. Disclaimer: I am not a crypto expert either. /me .oO(Come to think of it, I am not an expert in anything, really. That's not very good at age 34) Cheers.	[reply]

Replies are listed 'Best First'.

Re^3: Generating random characters for a salt.
by fenLisesi (Priest) on Aug 31, 2007 at 08:02 UTC

Your salt must be N characters long or shorter
N is a small integer

then, yes, you would want a big char set. That is not the case with salts, however. Heck, you could restrict yourself to two characters and still be arbitrarily uhm... arbitrary by making the string longer.

The incredibly-randomness and terribly-hard-to-guessness of a salt is not critical: it is going to be hashed again.

Disclaimer: I am not a crypto expert either. /me .oO(Come to think of it, I am not an expert in anything, really. That's not very good at age 34)

Cheers.

[reply]