[Opendnssec-develop] getting rid of HSM calls from the communicator
Rick van Rein
rick at openfortress.nl
Thu Sep 10 09:09:13 UTC 2009
Hi,
> > It would seem the better option to me too to generate the salt at
> > system installation/first startup.
>
> Why?
Salt is used to make dictionary attacks harder, and the more generic
a dictionary can be used, the more likely such an attack becomes.
So, in order to be less predictable, salts must be changed as often
as is practical, ideally every time before using it.
Installing a system with the same salt everywhere is exactly as good
as not salting at all.
-Rick