
List:       ms-cryptoapi
Subject:    Re: CRYPT_CREATE_SALT
From:       Jeff Spelman <jeffspel () MICROSOFT ! COM>
Date:       1999-03-19 23:50:48


Scott,
   The default salt length (this is what you get when you specify
CRYPT_CREATE_SALT) with the MS Enhanced Provider is 0 bytes.  I recommend
you not use this flag; it is probably best to use CRYPT_NO_SALT and then use
CryptSetKeyParam to set salt.  The flag is not necessary if you use
CryptSetKeyParam with KP_SALT_EX, since this call will make salt of whatever
length you specify, thus overriding what was done with CryptDeriveKey.  I do
notice that below you indicate that you use KP_SALT on Encrypt and
KP_SALT_EX on Decrypt; I recommend you use KP_SALT_EX with both Encrypt and
Decrypt.
Thanks, Jeff

-----Original Message-----
From: Scott Sanders [mailto:ssanders@HOME.NET]
Sent: Friday, March 19, 1999 3:42 PM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: CRYPT_CREATE_SALT


Can anyone give me a good example of how CRYPT_CREATE_SALT is used when
using CryptDeriveKey using RC4. I'm using the enhanced provider right now
but assume it works the same with both Enhanced and Base. I was doing the
following:

Encrypt:
* CryptDeriveKey( ..., CALG_RC4, CRYPT_CREATE_SALT )
* CryptGetKeyParam( ...KP_SALT... )

Storage:
Store key & salt

Decrypt:
* CryptDeriveKey( ..., CALG_RC4, 0 )
* CryptSetKeyParam( ... KP_SALT_EX ... )

Is this reasonable? Right now I'm fudging by creating 16 bytes of random
data and hashing it before the user password and storing that. I believe
that's close to the same result. Any comments? Thanks.

Scott Sanders

----------------------------------------------------------------
Users Guide http://www.microsoft.com/workshop/essentials/mail.asp
contains important info including how to unsubscribe.  Save time, search
the archives at http://discuss.microsoft.com/archives/index.html
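
The following is an added example, not code from this thread or from Microsoft. It does not call CryptoAPI; it models the "16 random bytes hashed before the user password" approach from the question and shows what a 0-byte salt means for RC4. Assumptions: SHA-1 as the hash, the key taken as the first 16 bytes of the digest, and all function names and sample strings are constructed for illustration.

```python
import hashlib
import os

KEY_LEN = 16   # assumption: 128-bit RC4 key, first bytes of the digest
SALT_LEN = 16  # the 16 random bytes mentioned in the question

def derive_key(password: bytes, salt: bytes) -> bytes:
    """Hash the salt, then the password; truncate the digest to KEY_LEN."""
    h = hashlib.sha1()
    h.update(salt)
    h.update(password)
    return h.digest()[:KEY_LEN]

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key schedule + keystream XOR); same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def encrypt(password: bytes, plaintext: bytes, salt_len: int = SALT_LEN):
    """Return (salt, ciphertext); the salt is stored next to the ciphertext."""
    salt = os.urandom(salt_len)
    return salt, rc4(derive_key(password, salt), plaintext)

def decrypt(password: bytes, salt: bytes, ciphertext: bytes) -> bytes:
    return rc4(derive_key(password, salt), ciphertext)

def keystream_reused(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when c1 XOR c2 equals p1 XOR p2, i.e. both used one keystream."""
    xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
    return xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    pw = b"constructed-password"                      # constructed sample input
    p1, p2 = b"first constructed message", b"other constructed message"
    for n in (SALT_LEN, 0):                           # 16-byte salt vs. 0-byte salt
        (s1, c1), (s2, c2) = encrypt(pw, p1, n), encrypt(pw, p2, n)
        assert decrypt(pw, s1, c1) == p1
        print(f"salt={n:2d} bytes  keystream reused: {keystream_reused(c1, c2, p1, p2)}")
```

With a 0-byte salt every message under the same password gets the same RC4 key, which is why the salt length actually in effect matters here.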
