I have noted that sources, when using the KDF PBKDF2, advocate injecting the salt at the time of execution, like this:
dv = salt + pbkdf2(salt + password, salt)
versus "plain" usage of
dv = pbkdf2(password, salt)
When using the pycrypto.protocol.kdf pbkdf2 function (linked above), do the salt parameters add any benefit if no 2 passwords have the same salt (but the salt is stored with the password)?
Presumably the risk is having an oracle whereby identical passwords are revealed as such, though encoded. Is that the case, or is there a concern one ought to be mindful of?
If that is the concern I expect, then in the absence of a fault in the algorithms that permits short-circuiting, a plainly used salt obliges one to recheck every password for the entire number of iterations. Is that the case?
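
The two constructions from the question, side by side, as an added example that is not part of the original post. It uses Python's standard-library `hashlib.pbkdf2_hmac` in place of the PyCrypto function, and the function names, iteration count, salt length and sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example
SALT_LEN = 16         # bytes of random salt per stored password
DK_LEN = 32           # bytes of derived value

def derive_plain(password: bytes, salt: bytes) -> bytes:
    """The question's "plain" form: dv = pbkdf2(password, salt)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, DK_LEN)

def derive_injected(password: bytes, salt: bytes) -> bytes:
    """The question's other form: dv = salt + pbkdf2(salt + password, salt)."""
    dk = hashlib.pbkdf2_hmac("sha256", salt + password, salt, ITERATIONS, DK_LEN)
    return salt + dk

def make_record(password: bytes) -> bytes:
    """Plain form with a fresh random salt stored in front of the derived value."""
    salt = os.urandom(SALT_LEN)
    return salt + derive_plain(password, salt)

def verify(password: bytes, record: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    return hmac.compare_digest(derive_plain(password, salt), stored)

def demo() -> dict:
    pw = b"correct horse battery staple"  # constructed sample password
    rec_a, rec_b = make_record(pw), make_record(pw)
    reused = bytes(SALT_LEN)  # constructed all-zero salt, reused on purpose
    return {
        # Unique salts: the same password yields two different records.
        "unique_salt_hides_equality": rec_a != rec_b,
        "verify_ok": verify(pw, rec_a) and verify(pw, rec_b),
        "verify_wrong": verify(b"wrong guess", rec_a),
        # Reused salt: equal passwords map to equal outputs in both forms.
        "reused_salt_plain_equal": derive_plain(pw, reused) == derive_plain(pw, reused),
        "reused_salt_injected_equal": derive_injected(pw, reused) == derive_injected(pw, reused),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With a reused salt both forms map equal passwords to equal outputs; with a fresh salt per record, the plain form already stores equal passwords as different records.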