This example is unfortunately somewhat broken: the 'salt' in that case does not yield an exponential but only linear increase of the number of dictionaries.

Contrary to what the post says, it is not necessary to compute the 3,125 possible orders. Only 5 reverse dictionaries are enough, with reverse(n, w) = "the set of definitions the nth word of which is w". Then, iterate the reverse lookup following backwards the provided salt.

It makes the attack much more tractable, in particular since the length of definitions is bounded (you know how many dictionaries you need to compute).

True. I'll add a PS pointing to this comment and set it as an exercise for the reader that it would be possible to reduce the number of dictionaries.

Perhaps the salt could be strengthened to include an additional midstep..."find the 3rd word in the definition five words behind the given word"...not exactly exponential, but it doesn't add a huge burden of work in the implementation

What I like about these solutions is that they give proper discussion to implementation, not just the theory behind the encryption. It wasn't initially clear to me why salts were stored out in the open and when they were brought into the actual encryption process but this is a very clear explanation.

this series of articles has been brilliant so far! it takes a relatively obscure concept that people dont always know / understand (even surprisingly many within the hacker world) - and makes it so simple to understand! great job - I wish people with skills like yours taught at university!

When I've written the last one I'll try to put all four together into a simple PDF with illustrations.

Reading these articles, I already implemented salts in my code, but I never realized that I have been implementing them incorrectly.

Which is why crypto should be left to reviewed experts. It is painfully easy to get wrong, and when you get it wrong, the result is usually a crack able system.

I'm not doing custom encryption. I'm not sure why you would think that.

Stop what you're doing, and just [use bcrypt](http://codahale.com/how-to-safely-store-a-password/).

The fact that you've gotten it wrong already (when you probably thought you knew what you were doing) should be a strong wakeup call. There's always an attack you didn't know about or a countermeasure you didn't think of.

I already use bcrypt, along with several other suites.

I've loved these blog posts so far -- they're a great intro to cryptography and force me to think simply.

I'm excited to hear what Carla has to offer!

fwiw, my crypto/security classes in college all referred to "Charlie" as a third party :)

http://en.wikipedia.org/wiki/Alice_and_Bob

Surprisingly simple explanations of tricky cryptographic concepts. Thanks a lot!