Hardcoded Cryptographic Salt

ID

python.hardcoded_cryptographic_salt

Severity

high

Resource

Predictability

Language

Python

Tags

CWE:760, NIST.SP.800-53, OWASP:2021:A2, PCI-DSS:6.5.3

Description

"Salting" is a technique used in some cryptographic operations:

  • With password hashing, a salt is typically used to prevent dictionary or 'rainbow' table attacks using massive pre-computed tables of hashed common passwords.

  • With key derivation functions (KDF), such as PBKDF2, scrypt or Argon2, a salt is used to prevent the same key being derived from the same input password.

  • With digital signatures and message authentication schemes, salts often add randomness to the message being signed or authenticated, making it harder for attackers to forge signatures or extract private keys through cryptoanalysis.

The use of a hardcoded cryptographic salt in applications can severely compromise the security of cryptographic processes. In password hashing, for example, a salt is typically used to ensure that even if two users have the same password, their hashed outputs will differ.

However, if the salt is hardcoded into the application’s source code, it becomes predictable and defeats the purpose of introducing randomness, making the application susceptible to attacks such as dictionary and rainbow table attacks.

Rationale

Hardcoding cryptographic salts within the source code is a common error that can reduce the effectiveness of hash functions used to secure sensitive information, like passwords.

A salt should be unique and random for each cryptographic operation to ensure that the results are distinct, even for identical inputs. By hardcoding a salt, attackers can reverse-engineer the application to discover the salt, allowing them to perform attacks that target the hashed data.

Consider the following Python example where the cryptographic salt is hardcoded:

import hashlib

def hash_password(password):
    salt = 'mySalt'
    return hashlib.sha256('{0}{1}' .format(salt, password).encode()).hexdigest() # FLAW

In this example, the salt is hardcoded and used during the hashing process, increasing vulnerability to pre-compiled attack vectors.

Remediation

To remediate the issue of a hardcoded cryptographic salt, developers should generate a unique, random salt for each cryptographic operation. This ensures the robustness of the hash function by making the output unique even for identical inputs.

Generate a unique, non-predictable salt for each cryptographic operation. Store the generated salt in clear text along with the hashed/encrypted data to allow so the salt could be retrieved during the verification process. And never reuse a salt !

In the 1970s 12 bits of salt were common and appropriate for the computational and storage capacity at that time. Today, at least 128 bits of salt are recommended and generally are robust enough for most use cases.

References