Random data item that is combined with a key so that the result of a
cryptographic function is reasonably dispersed and protected against
dictionary attacks.
A non-secret value that is
used in a cryptographic process, usually to ensure that the results of
computations for one instance cannot be reused by an Attacker. [NIST-SP800-63:2013]
A non-secret value that is
used in a cryptographic process, usually to ensure that the results of
computations for one instance cannot be reused by an attacker. [CNSSI_4009:2010]
random data item produced by
the signing entity during the generation of the message representative in
Signature scheme 2. [ISO-9796-2:2002]
Random string that is
concatenated with other data prior to being operated on by a hash function. See
also Hash.
https://www.pcisecuritystandards.org/security_standards/glossary.php
A salt consists of random
bits used as one of the inputs to a key derivation function. Sometimes the IV,
a previously generated (preferably random) value, is used as a salt. The other
input is usually a password or passphrase. The output of the key derivation
function is often stored as the encrypted version of the password. It can also
be used as a key for use in a cipher or other cryptographic algorithm. A salt
value is typically used in a hash function.
The salt value may or may
not be protected as a secret. In either case the additional salt data makes it
more difficult to conduct a dictionary attack using pre-encryption of
dictionary entries, as each bit of salt used doubles the amount of storage and
computation required.
In some protocols, the salt
is transmitted in the clear with the encrypted data, sometimes along with the
number of iterations used in generating the key (for key strengthening).
Cryptographic protocols that use salts include SSL and Ciphersaber.
Early Unix systems used a
12-bit salt, but modern implementations use more.
http://en.wikipedia.org/wiki/Salt_%28cryptography%29
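Added example, not taken from any of the sources quoted here: a password record that keeps the salt and the iteration count in the clear next to the derived key, as described above, and a check that a table precomputed for one salt matches nothing stored under another. PBKDF2-HMAC-SHA256, the 16-byte salt, the iteration count, the `iterations$salt$key` layout and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor for this example
SALT_BYTES = 16        # assumed salt length (128 bits)


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Key derivation function: password + salt -> derived key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Return 'iterations$salt$key'; salt and iteration count are not secret."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    return f"{iterations}${salt.hex()}${derive(password, salt, iterations).hex()}"


def verify(password: str, record: str) -> bool:
    """Re-derive with the stored salt and count, then compare in constant time."""
    iterations, salt_hex, key_hex = record.split("$")
    candidate = derive(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


def precomputed_table(words, salt: bytes, iterations: int) -> dict:
    """Derived key -> word for one fixed salt; useless for any other salt."""
    return {derive(w, salt, iterations): w for w in words}


def lookup(table: dict, record: str):
    """Return the matching word if the record's key is in the table, else None."""
    return table.get(bytes.fromhex(record.split("$")[2]))


if __name__ == "__main__":
    # Constructed sample data: two accounts that share one password.
    salt_a, salt_b = b"\x00" * SALT_BYTES, b"\x01" * SALT_BYTES
    rec_a = make_record("hunter2", salt_a)
    rec_b = make_record("hunter2", salt_b)
    print("records differ:", rec_a != rec_b)
    table = precomputed_table(["letmein", "hunter2"], salt_a, ITERATIONS)
    print("table built for salt A vs record A:", lookup(table, rec_a))
    print("table built for salt A vs record B:", lookup(table, rec_b))
    print("verify still works:", verify("hunter2", rec_b))
```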
String of random data that is
concatenated with source data before a one-way hash function is applied.
Salts can reduce the effectiveness of rainbow table attacks. See also hash
and rainbow tables.
http://fr.pcisecuritystandards.org/