From: Seth Arnold (sarnoldWILLAMETTE.EDU)
Date: Fri Apr 06 2001 - 15:18:07 CDT


    * Adam Berent <adminideveloperonline.com> [010406 13:10]:
    > What can be done to protect your security software against dictionary
    > attacks? I read several times that people often salt their keys.
    > However I don't see how this solves anything since you can just
    > include the salting function into the password cracker and that will
    > be the end of it.

    [Adam, you would be wise to wrap your lines at 72 characters -- many
    people will simply skim over difficult-to-read emails.]

    The salting is important: a large enough salt will make precomputing a
    dictionary impossible (there are only so many atoms in the universe).

    You have already discovered why salting is important -- it forces the
    cracker to include the salting function *while cracking*. This means
    that a simple lookup table is impossible, for large enough salts.
    Especially when one considers that the salt is ideally different for
    each user on the system -- to prevent any dictionary from being used
    against two users simultaneously.

    It converts the work from off-line work to on-line work, essentially.

    I hope this helps.

    --
    Earthlink: The #1 provider of unsolicited bulk email to the Internet.
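
An added example, not part of the original message: a Python sketch of the point made in the reply, that a per-user salt makes a lookup table built in advance useless and gives two users with the same password different stored values. The word list, user names, iteration count and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumption: kept low so the demo runs quickly

def derive(password: str, salt: bytes) -> bytes:
    """Same derivation for both schemes, so only the salt differs."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def new_record(password: str, salt_len: int = 16) -> tuple[bytes, bytes]:
    """Salted scheme: a fresh random salt per user, stored beside the hash."""
    salt = os.urandom(salt_len)
    return salt, derive(password, salt)

def verify(password: str, record: tuple[bytes, bytes]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, stored = record
    return hmac.compare_digest(derive(password, salt), stored)

def table_hits(table: dict[bytes, str], digests: list[bytes]) -> int:
    """Count stored digests that a precomputed lookup table resolves."""
    return sum(1 for d in digests if d in table)

def demo() -> dict:
    wordlist = ["letmein", "password", "qwerty"]     # constructed sample dictionary
    users = {"alice": "letmein", "bob": "letmein"}   # constructed; same password twice
    # Table computed once, with no knowledge of any user's salt.
    table = {derive(w, b""): w for w in wordlist}
    unsalted = {u: derive(p, b"") for u, p in users.items()}
    salted = {u: new_record(p) for u, p in users.items()}
    return {
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "unsalted_hits": table_hits(table, list(unsalted.values())),
        "salted_identical": salted["alice"][1] == salted["bob"][1],
        "salted_hits": table_hits(table, [h for _, h in salted.values()]),
        "login_ok": verify("letmein", salted["alice"]),
        "login_bad": verify("qwerty", salted["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Without a salt, both records are identical and both fall to one table lookup; with per-user salts the same table matches nothing, so any guessing has to be redone separately for each record.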