The default salt value (a random series of bytes) to use with the GENERATE-PBE-KEY function. The default value is the Unknown value (?), which indicates that no salt value is used to generate the password-based encryption key.

Data type: RAW

Access: Readable/Writeable

Applies to: SECURITY-POLICY system handle

If specified, this salt value is combined with a password value and hashed some number of times to generate a password-based encryption key (using the algorithm specified by the PBE-HASH-ALGORITHM attribute and the number of iterations specified by the PBE-KEY-ROUNDS attribute).

When set and the PBE-ALGORITHM attribute is Legacy, only the first 8 bytes are used. If the value has fewer than 8 bytes, it is padded at the end with zero-value bytes.

When set and the PBE-ALGORITHM attribute is PBKDF2, up to 512 bytes are used.

You can use the GENERATE-PBE-SALT or GENERATE-SALT functions to generate a salt value, which promotes the uniqueness of the password key value.

You are responsible for generating, storing, and transporting this value.
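The Legacy and PBKDF2 length rules above decide which salt bytes actually reach key derivation, so salts that differ on disk can still be identical in effect. The Python code below is an added example, not Progress code: it models only those two rules from this page (it does not call OpenEdge or reproduce its key derivation) and audits a constructed set of stored salts for values that stop being unique. The function names, the record ids, and the choice to keep the first 512 bytes under PBKDF2 are assumptions.

```python
from collections import defaultdict

LEGACY_SALT_LEN = 8    # page: Legacy uses only the first 8 bytes
PBKDF2_SALT_MAX = 512  # page: PBKDF2 uses up to 512 bytes

# Constructed sample: record id -> salt as the application stored it.
SAMPLE = {
    "user-a": bytes.fromhex("0011223344556677" "aaaaaaaa"),
    "user-b": bytes.fromhex("0011223344556677" "bbbbbbbb"),  # differs only after byte 8
    "user-c": bytes.fromhex("c0ffee"),                       # 3 bytes, padded under Legacy
    "user-d": bytes.fromhex("c0ffee0000000000"),             # equals user-c after padding
    "user-e": bytes.fromhex("8899aabbccddeeff"),
}


def effective_salt(salt: bytes, pbe_algorithm: str) -> bytes:
    """Return the salt bytes that are actually used, per the rules on this page."""
    if pbe_algorithm == "Legacy":
        # Keep the first 8 bytes; pad shorter values at the end with zero bytes.
        return salt[:LEGACY_SALT_LEN].ljust(LEGACY_SALT_LEN, b"\x00")
    if pbe_algorithm == "PBKDF2":
        # Assumption: when more than 512 bytes are supplied, the first 512 are kept.
        return salt[:PBKDF2_SALT_MAX]
    raise ValueError(f"unknown PBE-ALGORITHM value: {pbe_algorithm!r}")


def audit_salts(stored: dict, pbe_algorithm: str) -> dict:
    """Flag stored salts that lose uniqueness or length under the given algorithm."""
    groups = defaultdict(list)
    padded = []
    for record_id, salt in stored.items():
        groups[effective_salt(salt, pbe_algorithm)].append(record_id)
        if pbe_algorithm == "Legacy" and len(salt) < LEGACY_SALT_LEN:
            padded.append(record_id)  # part of the effective salt is fixed zeros
    collisions = sorted(sorted(ids) for ids in groups.values() if len(ids) > 1)
    return {"collisions": collisions, "zero_padded": sorted(padded)}


if __name__ == "__main__":
    for algorithm in ("Legacy", "PBKDF2"):
        print(algorithm, audit_salts(SAMPLE, algorithm))
```

Records that land in the same collision group would derive the same key from the same password under that algorithm, given the same hash algorithm and round count.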

See also

GENERATE-PBE-KEY function, GENERATE-PBE-SALT function, GENERATE-SALT function