Pepper (cryptography)

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

In cryptography, a pepper is a secret added to an input such as a password prior to being hashed with a cryptographic hash function. A pepper performs a similar role to a salt, but while a salt is stored alongside the hashed output, a pepper is not. A pepper usually meets one of two criteria:

  • The pepper is at least as long as the salt and is stored separately from the value to be hashed, often as an application secret.
  • The pepper is small and randomly generated for each input to be hashed, and is never stored. To verify whether an input matches, the application iterates through the full set of possible values for the pepper (to avoid timing attacks), testing each resulting hash in turn[1][dubious ]

A pepper adds security to a database of hashes because it increases the number of secret values that must be recovered (whether by brute force or discovery) to recover the inputs.

Example usage[edit]

Here is an incomplete example of using a constant pepper when storing passwords. This first table has two username and password combinations.

Username Password
user1 password123
user2 password123

The password is not stored, and the 8-byte (64-bit) pepper 44534C70C6883DE2 is stored in a secure location separate to the hashed values.

Username String to be Hashed Hashed Value = SHA256(Password + Pepper)
user1 password123+44534C70C6883DE2 D63E21DF3A2A6853C2DC675EDDD4259F3B78490A4988B49FF3DB7B2891B3B48D
user2 password123+44534C70C6883DE2 D63E21DF3A2A6853C2DC675EDDD4259F3B78490A4988B49FF3DB7B2891B3B48D

In contrast to a salt, a pepper does not on its own protect against identifying users who have the same password, but it does protect against dictionary attacks unless the attacker has the pepper value. As a pepper will not be shared between applications, an attacker will be unable to directly match hashes from one leaked database to another.

See also[edit]

References[edit]

  1. ^ "Catena: A Memory-Consuming Password-Scrambling Framework". citeseerx.ist.psu.edu. Retrieved 2016-12-09.