usnistgov/800-63-3

Use of "salt" for secret rehashing key is confusing

Closed this issue · 0 comments

In SP 800-63B Section 5.1.1.2, the last paragraph describes an optional but recommended hashing step using a "secret salt" value. This is confusing because it's different from conventional salting (it's important that it be chosen randomly, not just arbitrarily, and that it be kept secret). This should probably be called a "hash key" instead. Perhaps also note that encryption can be used in this situation.
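As an added illustration of the distinction the issue draws (example code, not part of the issue or of the NIST document): a conventional salt is random but public and stored beside the hash, while the "secret salt" behaves as a key, stored separately from the password records. The example applies that key as an HMAC over the salted PBKDF2 output; the HMAC construction and the work factor are assumptions made for this example.

```python
import hashlib
import hmac
import os
import secrets

SALT_BYTES = 16
# Constructed work factor for the example; tune it for a real deployment.
PBKDF2_ITERATIONS = 100_000


def salted_hash(password: str, salt: bytes) -> bytes:
    """Conventional step: per-record random salt, stored with the record."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS)


def keyed_hash(value: bytes, secret_key: bytes) -> bytes:
    """The 'secret salt' step: the value is really a key, so use it as one.
    It must be random, kept secret, and stored apart from the records
    (e.g. in an HSM); it is never written into the record itself."""
    return hmac.new(secret_key, value, "sha256").digest()


def make_record(password: str, secret_key: bytes) -> dict:
    """Create a stored credential record: public salt plus keyed hash."""
    salt = os.urandom(SALT_BYTES)
    return {"salt": salt, "hash": keyed_hash(salted_hash(password, salt), secret_key)}


def verify(password: str, record: dict, secret_key: bytes) -> bool:
    """Verification needs the record AND the separately stored key.
    Without the key, a leaked record alone cannot be used to confirm guesses."""
    candidate = keyed_hash(salted_hash(password, record["salt"]), secret_key)
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed key for the demo; a verifier would load it from its HSM/KMS.
    key = secrets.token_bytes(32)
    rec = make_record("correct horse battery staple", key)
    print("salt (public):", rec["salt"].hex())
    print("verify with key:", verify("correct horse battery staple", rec, key))
    print("verify, right password but wrong key:",
          verify("correct horse battery staple", rec, secrets.token_bytes(32)))
```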