Salt values should be created using a cryptographic pseudorandom number generator. Not using a random salt value makes the resulting hash or hmac much more predictable and susceptible to a dictionary attack.

Example 1: The following code reuses the password as the salt:

function register(){
  $password = $_GET['password'];
  $username = $_GET['username'];

  $hash = hash_pbkdf2('sha256', $password, $password, 100000);
...

Salt values should be created using a cryptographic pseudorandom number generator. Not using a random salt value makes the resulting hash or hmac much more predictable and susceptible to a dictionary attack.

Example 1: The following code reuses the password as the salt:

import hashlib, binascii

def register(request):
  password = request.GET['password']
  username = request.GET['username']

  dk = hashlib.pbkdf2_hmac('sha256', password, password, 100000)
  hash = binascii.hexlify(dk)
  store(username, hash)
...

Salt values should be created using a cryptographic pseudorandom number generator. Not using a random salt value makes the resulting hash or HMAC much more predictable and susceptible to a dictionary attack.

Example 1: The following code reuses the password as the salt:

require 'openssl'
...
req = Rack::Response.new
password = req.params['password']
...
key = OpenSSL::PKCS5::pbkdf2_hmac(password, password, 100000, 256, 'SHA256')
...

It is never a good idea to use a null salt (None). Not only does a null salt defeats its own purpose but it allows all of the project's developers to view the salt and it also makes fixing the problem extremely difficult. After the code is in production, the salt cannot be easily changed. If attackers know the value of the salt, they can compute "rainbow tables" for the application and more easily determine the hashed values.

Example 1: The following code uses a null salt (None):

from django.utils.crypto import salted_hmac
...
hmac = salted_hmac(value, None).hexdigest()
...

This code will run successfully, but anyone who has access to it will have access to the salt. After the program ships, there is likely no way to change the null salt. An employee with access to this information can use it to break into the system.

It is never a good idea to use an empty salt. Not only does using an empty salt make it significantly easier to determine the hashed values, it also makes fixing the problem extremely difficult. After the code is in production, the salt cannot be easily changed. If attackers figure out that values are hashed with an empty salt, they can compute "rainbow tables" for the application and more easily determine the hashed values.

Example 1: The following code uses an empty salt:

...
CCKeyDerivationPBKDF(kCCPBKDF2,
                     password,
                     passwordLen,
                     "",
                     0,
                     kCCPRFHmacAlgSHA256,
                     100000,
                     derivedKey,
                     derivedKeyLen);
...

This code will run successfully, but anyone who has access to it will have access to the (empty) salt. After the program ships, there is likely no way to change the empty salt. An employee with access to this information can use it to break into the system.

It is never a good idea to use an empty salt. Not only does using an empty salt make it significantly easier to determine the hashed values, it also makes fixing the problem extremely difficult. After the code is in production, the salt cannot be easily changed. If attackers figure out that values are hashed with an empty salt, they can compute "rainbow tables" for the application and more easily determine the hashed values.

Example 1: The following code uses an empty salt:

...
$hash = hash_pbkdf2('sha256', $password, '', 100000);
...

This code will run successfully, but anyone who has access to it will have access to the (empty) salt. After the program ships, there is likely no way to change the empty salt. An employee with access to this information can use it to break into the system.

It is never a good idea to use an empty salt. Not only does using an empty salt make it significantly easier to determine the hashed values, it also makes fixing the problem extremely difficult. After the code is in production, the salt cannot be easily changed. If attackers figure out that values are hashed with an empty salt, they can compute "rainbow tables" for the application and more easily determine the hashed values.

Example 1: The following code uses an empty salt:

from hashlib import pbkdf2_hmac
...
dk = pbkdf2_hmac('sha256', password, '', 100000)
...

This code will run successfully, but anyone who has access to it will have access to the (empty) salt. After the program ships, there is likely no way to change the empty salt. An employee with access to this information can use it to break into the system.

It is never a good idea to use an empty salt. Not only does using an empty salt make it significantly easier to determine the hashed values, it also makes fixing the problem extremely difficult. After the code is in production, the salt cannot be easily changed. If attackers figure out that values are hashed with an empty salt, they can compute "rainbow tables" for the application and more easily determine the hashed values.

Example 1: The following code uses an empty salt:

...
dk = OpenSSL::PKCS5.pbkdf2_hmac(password, "", 100000, 256, digest)
...

This code will run successfully, but anyone who has access to it will have access to the (empty) salt. After the program ships, there is likely no way to change the empty salt. An employee with access to this information can use it to break into the system.

It is never a good idea to use an empty salt. Not only does using an empty salt make it significantly easier to determine the hashed values, it also makes fixing the problem extremely difficult. After the code is in production, the salt cannot be easily changed. If attackers figure out that values are hashed with an empty salt, they can compute "rainbow tables" for the application and more easily determine the hashed values.

Example 1: The following code uses an empty salt:

...
let ITERATION = UInt32(100000)
...
CCKeyDerivationPBKDF(CCPBKDFAlgorithm(kCCPBKDF2),
password,
passwordLength,
"",
0,
CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
ITERATION,
derivedKey,
derivedKeyLength)

This code will run successfully, but anyone who has access to it will have access to the (empty) salt. After the program ships, there is likely no way to change the empty salt. An employee with access to this information can use it to break into the system.

Weak Cryptographic Hash: User-Controlled Salt issues occur when:

1. Data enters a program through an untrusted source

2. User-controlled data is included within the salt, or used entirely as the salt within a cryptographic hashing function.

As with many software security vulnerabilities, Weak Cryptographic Hash: User-Controlled Salt is a means to an end, not an end in and of itself. At its root, the vulnerability is straightforward: an attacker passes malicious data to an application, and the data is then used as all or part of the salt in a cryptographic hash.

The problem with having a user-controlled salt is that it can enable various attacks:

1. The attacker may use this vulnerability to specify an empty salt for the data being hashed. From this, it would be trivial to quickly hash the data being hashed under his control using a number of different hashing algorithms to leak information about the hashing implementation used within your application. This could make "cracking" other data values easier by being able to limit the particular variant of hash used.
2. If the attacker is able to manipulate other users' salts, or trick other users into using an empty salt, this would enable them to compute "rainbow tables" for the application and more easily determine the hashed values.

Example 1: The following code uses a user-controlled salt for password hashing:

    ...
    salt = getenv("SALT");
    password = crypt(getpass("Password:"), salt);
    ...

Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to hash the password by modifying the environment variable SALT. Additionally, this code uses the crypt() function, which should not be used for cryptographic hashing of passwords. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.

Weak Cryptographic Hash: User-Controlled Salt issues occur when:

1. Data enters a program through an untrusted source.

2. The user-controlled data is included within the salt, or used entirely as the salt in a cryptographic hash function.


As with many software security vulnerabilities, Weak Cryptographic Hash: User-Controlled Salt is a means to an end, not an end in and of itself. At its root, the vulnerability is straightforward: an attacker passes malicious data to an application, and the data is then used as all or part of the salt in a cryptographic hash function.

User-defined salt can enable various types of attacks:

1. Attackers can use this vulnerability to specify an empty salt for the hashed data. Then attackers can quickly hash the data under their control using many different hashing algorithms to leak the hashing implementation your application. This could make "cracking" other data values easier by limiting the particular variant of hash used.
2. If the attacker can manipulate other users' salts, or trick other users into using an empty salt, this enables them to compute "rainbow tables" for the application and easily determine the hashed values.

Example 1: The following code uses a user-controlled salt for password hashing:

func someHandler(w http.ResponseWriter, r *http.Request){
  r.parseForm()
  salt := r.FormValue("salt")
  password := r.FormValue("password")
  ...
  sha256.Sum256([]byte(salt + password))
}

The code in Example 1 will run successfully, but anyone who can get to this functionality can to manipulate the salt used to hash the password by modifying the environment variable salt. Additionally, this code uses the Sum256 cryptographic hash function, which should not be used for cryptographic hashing of passwords. After the program ships, it is nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.

Weak Cryptographic Hash: User-Controlled Salt issues occur when:

1. Data enters a program through an untrusted source.

2. The user-controlled data is included within the salt, or used entirely as the salt within a cryptographic hash function.


As with many software security vulnerabilities, Weak Cryptographic Hash: User-Controlled Salt is a means to an end, not an end in and of itself. At its root, the vulnerability is straightforward: an attacker passes malicious data to an application, and the data is then used as all or part of the salt in a cryptographic hash function.

The problem with having a user-defined salt is that it can enable various attacks:

1. The attacker may use this vulnerability to specify an empty salt for the data being hashed. From this, it would be trivial to quickly hash the data being hashed under his control using a number of different hashing algorithms to leak information about the hashing implementation used within your application. This could make "cracking" other data values easier by being able to limit the particular variant of hash used.
2. If the attacker is able to manipulate other users' salts, or trick other users into using an empty salt, this would enable them to compute "rainbow tables" for the application and more easily determine the hashed values.

Example 1: The following code uses a user-controlled salt for password hashing:

import hashlib, binascii

def register(request):
  password = request.GET['password']
  username = request.GET['username']
  salt = os.environ['SALT']

  hash = hashlib.md5("%s:%s" % (salt, password,)).hexdigest()
  store(username, hash)
...

The code in Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to hash the password by modifying the environment variable SALT. Additionally, this code uses the md5() cryptographic hash function, which should not be used for cryptographic hashing of passwords. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.

Weak Cryptographic Hash: User-Controlled Salt issues occur when:

1. Data enters a program through an untrusted source

2. The user-controlled data is included within the salt, or used entirely as the salt within a cryptographic hashing function.

As with many software security vulnerabilities, Weak Cryptographic Hash: User-Controlled Salt is a means to an end, not an end in and of itself. At its root, the vulnerability is straightforward: an attacker passes malicious data to an application, this is then used as a salt in a cryptographic hash.

The problem with having a user-defined salt is that it can enable various attacks:

1. The attacker may use this vulnerability to specify an empty salt for the data being hashed. From this, it would be trivial to quickly hash the data being hashed under his control using a number of different hashing algorithms to leak information about the hashing implementation used within your application. This could make "cracking" other data values easier by being able to limit the particular variant of hash used.
2. If the attacker is able to manipulate other users' salts, or trick other users into using an empty salt, this would enable them to compute "rainbow tables" for the application and more easily determine the hashed values.

Example 1: The following code uses a user-controlled salt for password hashing:

    ...
    salt = req.params['salt']
    hash = @userPassword.crypt(salt)
    ...

The code in Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to hash the password by modifying the parameter salt. Additionally, this code uses the String#crypt() function, which should not be used for cryptographic hashing of passwords. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.

It is never a good idea to use a null (None) salt. Not only does using a null salt make it significantly easier to determine the hashed values, it also makes fixing the problem extremely difficult. After the code is in production, the salt cannot be easily changed. If attackers figure out that values are hashed with a null salt, they can compute "rainbow tables" for the application and more easily determine the hashed values.

Example 1: The following code uses a null (None) salt:

import hashlib, binascii
from django.utils.crypto import pbkdf2

def register(request):
  password = request.GET['password']
  username = request.GET['username']
  dk = pbkdf2(password, None, 100000)
  hash = binascii.hexlify(dk)
  store(username, hash)
...

This code will run successfully, but anyone who has access to it will have access to the null salt. After the program ships, there is likely no way to change the null salt. An employee with access to this information can use it to break into the system.

It is never a good idea to use a null (nil) salt. Not only does using a null salt make it significantly easier to determine the hashed values, it also makes fixing the problem extremely difficult. After the code is in production, the salt cannot be easily changed. If attackers figure out that values are hashed with a null salt, they can compute "rainbow tables" for the application and more easily determine the hashed values.

Example 1: The following code uses a null (nil) salt:

...
let ITERATION = UInt32(100000)
...
CCKeyDerivationPBKDF(CCPBKDFAlgorithm(kCCPBKDF2),
password,
passwordLength,
nil,
0,
CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256),
ITERATION,
derivedKey,
derivedKeyLength)
...

This code will run successfully, but anyone who has access to it will have access to the null salt. After the program ships, there is likely no way to change the null salt. An employee with access to this information can use it to break into the system.

Weak Cryptographic Hash: User-Controlled PBE Salt issues occur when:

1. Data enters a program through an untrusted source.

2. User-controlled data is included within the salt, or used entirely as the salt within a Password-Based Key Derivation Function (PBKDF).


As with many software security vulnerabilities, Weak Cryptographic Hash: User-Controlled PBE Salt is a means to an end, not an end in and of itself. At its root, the vulnerability is straightforward: an attacker passes malicious data to an application, and the data is then used as all or part of the salt in a PBKDF.

The problem with having a user-defined salt is that it can enable various attacks:

1. The attacker may use this vulnerability to specify an empty salt for their own password. From this, it would be trivial to quickly derive their own password using a number of different password-based key derivation functions to leak information about the PBKDF implementation used within your application. This could make "cracking" other passwords easier by being able to limit the particular variant of hash used.
2. If the attacker is able to manipulate other users' salts, or trick other users into using an empty salt, this would enable them to compute "rainbow tables" for the application and more easily determine the derived values.

Example 1: The following code uses a user-controlled salt:

  string salt = ConfigurationManager.AppSettings["salt"];
  ...
  Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes("password", Encoding.ASCII.GetBytes(salt));
  ...
  

The code in Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the property salt. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.

Weak Cryptographic Hash: User-Controlled PBE Salt issues occur when:

1. Data enters a program through an untrusted source

2. User-controlled data is included within the salt, or used entirely as the salt within a Password-Based Key Derivation Function (PBKDF).


As with many software security vulnerabilities, Weak Cryptographic Hash: User-Controlled PBE Salt is a means to an end, not an end in and of itself. At its root, the vulnerability is straightforward: an attacker passes malicious data to an application, and the data is then used as all or part of the salt in a PBKDF.

The problem with having a user-controlled salt is that it can enable various attacks:

1. The attacker may use this vulnerability to specify an empty salt for their own password. From this, it would be trivial to quickly derive their own password using a number of different password-based key derivation functions to leak information about the PBKDF implementation used within your application. This could make "cracking" other passwords easier by being able to limit the particular variant of hash used.
2. If the attacker is able to manipulate other users' salts, or trick other users into using an empty salt, this would enable them to compute "rainbow tables" for the application and more easily determine the derived values.

Example 1: The following code uses a user-controlled salt:

    ...
    salt = getenv("SALT");
    PKCS5_PBKDF2_HMAC(pass, sizeof(pass), salt, sizeof(salt), ITERATION, EVP_sha512(), outputBytes, digest);
    ...

The code in Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the environment variable SALT. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.

Weak Cryptographic Hash: User-Controlled PBE Salt issues occur when:

1. Data enters a program through an untrusted source

2. User-controlled data is included within the salt, or used entirely as the salt within a Password-Based Key Derivation Function (PBKDF).


As with many software security vulnerabilities, Weak Cryptographic Hash: User-Controlled PBE Salt is a means to an end, not an end in and of itself. At its root, the vulnerability is straightforward: an attacker passes malicious data to an application, and the data is then used as all or part of the salt in a PBKDF.

The problem with having a user-defined salt is that it can enable various attacks:

1. The attacker may use this vulnerability to specify an empty salt for their own password. From this, it would be trivial to quickly derive their own password using a number of different password-based key derivation functions to leak information about the PBKDF implementation used within your application. This could make "cracking" other passwords easier by being able to limit the particular variant of hash used.
2. If the attacker is able to manipulate other users' salts, or trick other users into using an empty salt, this would enable them to compute "rainbow tables" for the application and more easily determine the derived values.

Example 1: The following code uses a user-controlled salt:

...
@property (strong, nonatomic) IBOutlet UITextField *inputTextField;
...
NSString *salt = _inputTextField.text;
const char *salt_cstr = [salt cStringUsingEncoding:NSUTF8StringEncoding];
...
CCKeyDerivationPBKDF(kCCPBKDF2,
                     password,
                     passwordLen,
                     salt_cstr,
                     salt.length,
                     kCCPRFHmacAlgSHA256,
                     100000,
                     derivedKey,
                     derivedKeyLen);
...

The code in Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the text in the UITextField inputTextField. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.

Weak Cryptographic Hash: User-Controlled PBE Salt issues occur when:

1. Data enters a program through an untrusted source.

2. User-controlled data is included within the salt, or used entirely as the salt within a Password-Based Key Derivation Function (PBKDF).


As with many software security vulnerabilities, Weak Cryptographic Hash: User-Controlled PBE Salt is a means to an end, not an end in and of itself. At its root, the vulnerability is straightforward: an attacker passes malicious data to an application, and the data is then used as all or part of the salt in a PBKDF.

The problem with having a user-defined salt is that it can enable various attacks:

1. The attacker may use this vulnerability to specify an empty salt for their own password. From this, it would be trivial to quickly derive their own password using a number of different password-based key derivation functions to leak information about the PBKDF implementation used within your application. This could make "cracking" other passwords easier by being able to limit the particular variant of hash used.
2. If the attacker is able to manipulate other users' salts, or trick other users into using an empty salt, this would enable them to compute "rainbow tables" for the application and more easily determine the derived values.

Example 1: The following code uses a user-controlled salt:

function register(){
  $password = $_GET['password'];
  $username = $_GET['username'];
  $salt = getenv('SALT');

  $hash = hash_pbkdf2('sha256', $password, $salt, 100000);
...

The code in Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the environment variable SALT. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.

Weak Cryptographic Hash: User-Controlled PBE Salt issues occur when:

1. Data enters a program through an untrusted source.

2. User-controlled data is included within the salt, or used entirely as the salt within a Password-Based Key Derivation Function (PBKDF).


As with many software security vulnerabilities, Weak Cryptographic Hash: User-Controlled PBE Salt is a means to an end, not an end in and of itself. At its root, the vulnerability is straightforward: an attacker passes malicious data to an application, and the data is then used as all or part of the salt in a PBKDF.

The problem with having a user-defined salt is that it can enable various attacks:

1. The attacker may use this vulnerability to specify an empty salt for their own password. From this, it would be trivial to quickly derive their own password using a number of different password-based key derivation functions to leak information about the PBKDF implementation used within your application. This could make "cracking" other passwords easier by being able to limit the particular variant of hash used.
2. If the attacker is able to manipulate other users' salts, or trick other users into using an empty salt, this would enable them to compute "rainbow tables" for the application and more easily determine the derived values.

Example 1: The following code uses a user-controlled salt:

import hashlib, binascii

def register(request):
  password = request.GET['password']
  username = request.GET['username']
  salt = os.environ['SALT']

  dk = hashlib.pbkdf2_hmac('sha256', password, salt, 100000)
  hash = binascii.hexlify(dk)
  store(username, hash)
...

The code in Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the environment variable SALT. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.

Weak Cryptographic Hash: User-Controlled PBE Salt issues occur when:

1. Data enters a program through an untrusted source

2. User-controlled data is included within the salt, or used entirely as the salt within a Password-Based Key Derivation Function (PBKDF).


As with many software security vulnerabilities, Weak Cryptographic Hash: User-Controlled PBE Salt is a means to an end, not an end in and of itself. At its root, the vulnerability is straightforward: an attacker passes malicious data to an application, and the data is then used as all or part of the salt in a PBKDF.

The problem with having a user-defined salt is that it can enable various attacks:

1. The attacker may use this vulnerability to specify an empty salt for their own password. From this, it would be trivial to quickly derive their own password using a number of different password-based key derivation functions to leak information about the PBKDF implementation used within your application. This could make "cracking" other passwords easier by being able to limit the particular variant of hash used.
2. If the attacker is able to manipulate other users' salts, or trick other users into using an empty salt, this would enable them to compute "rainbow tables" for the application and more easily determine the derived values.

Example 1: The following code uses a user-controlled salt:

...
salt=io.read
key = OpenSSL::PKCS5::pbkdf2_hmac(pass, salt, iter_count, 256, 'SHA256')
...

The code in Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the text in salt. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.

Weak Cryptographic Hash: User-Controlled PBE Salt issues occur when:

1. Data enters a program through an untrusted source

2. User-controlled data is included within the salt, or used entirely as the salt within a Password-Based Key Derivation Function (PBKDF).


As with many software security vulnerabilities, Weak Cryptographic Hash: User-Controlled PBE Salt is a means to an end, not an end in and of itself. At its root, the vulnerability is straightforward: an attacker passes malicious data to an application, and the data is then used as all or part of the salt in a PBKDF.

The problem with having a user-defined salt is that it can enable various attacks:

1. The attacker may use this vulnerability to specify an empty salt for their own password. From this, it would be trivial to quickly derive their own password using a number of different password-based key derivation functions to leak information about the PBKDF implementation used within your application. This could make "cracking" other passwords easier by being able to limit the particular variant of hash used.
2. If the attacker is able to manipulate other users' salts, or trick other users into using an empty salt, this would enable them to compute "rainbow tables" for the application and more easily determine the derived values.

Example 1: The following code uses a user-controlled salt:

...
@IBOutlet weak var inputTextField : UITextField!
...
let salt = (inputTextField.text as NSString).dataUsingEncoding(NSUTF8StringEncoding)
let saltPointer = UnsafePointer<UInt8>(salt.bytes)
let saltLength = size_t(salt.length)
...
let algorithm : CCPBKDFAlgorithm = CCPBKDFAlgorithm(kCCPBKDF2)
let prf : CCPseudoRandomAlgorithm = CCPseudoRandomAlgorithm(kCCPRFHmacAlgSHA256)
CCKeyDerivationPBKDF(algorithm,
                     passwordPointer,
                     passwordLength,
                     saltPointer,
                     saltLength,
                     prf,
                     100000,
                     derivedKeyPointer,
                     derivedKeyLength)
...

The code in Example 1 will run successfully, but anyone who can get to this functionality will be able to manipulate the salt used to derive the key or password by modifying the text in the UITextField inputTextField. After the program ships, it can be nontrivial to undo an issue regarding user-controlled salts, as it is extremely difficult to know if a malicious user determined the salt of a password hash.