[cryptography] HKDF salt

Nico Williams nico at cryptonector.com
Thu Aug 1 17:17:54 EDT 2013

Two words: rainbow tables.

Salting makes it impossible to pre-compute rainbow tables for common
inputs (e.g., passwords).

Now, this HKDF is not intended for use as a PBKDF, so the salt
effectively adds no real value when the input key material is truly
random/unpredictable by attackers, which it damned well ought to be.
OTOH, if the IKM is weak, or if you don't know if it could be, then
salting defeats rainbow tables.

In other words: salting doesn't hurt, and might really help.  Salting is good.


More information about the cryptography mailing list