Single Salt
You discover that a system you are reviewing is using hashed passwor
Single Salt
You discover that a system you are reviewing is using hashed passwords, but all the salt fields are identical. The implementer just used one salt for all accounts. Unfortunately, they can’t feasibly rewrite all the code in their system to fix this.
Propose a method that would let them improve security of the salts without resorting to moving to individually unique salts? Hint: think midnight
Your response should provide a detailed explanation of your proposed method. Include any assumptions or limitations in your method.
Keep it Private
Without salt, password hashes can be provided calculated by the user and the hash, not the actual password sent to the authenticating system where the hash provided is compared to the hash stored. Unfortunately, with salting, the user does not know the salt. This means they must provide their password in clear text – preferably over a secure channel.
Without requiring the user to keep track of the salt, propose a possible protocol that would allow the user to send a hash of the salted password, so that the authenticating server never has access to the plaintext password.
Your response should provide a detailed explanation of your proposed method, and include a protocol narration and/or sequence diagram of the protocol. Include any assumptions or limitations of your protocols.
When you are done, have one member of your group submit a single PDF covering both parts of this assignment.
To understand how your work will be assessed, view the scoring rubric below.