Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Seth Arnold (sarnoldWILLAMETTE.EDU)
Date: Fri Apr 06 2001 - 15:18:07 CDT
* Adam Berent <adminideveloperonline.com> [010406 13:10]:
> What can be done to protect your security software against dictionary
> attacks. I read seval times that people often salt their keys.
> However I don't see how this solves anything since you can just
> include the salting function into the password cracker and that will
> be the end of it.
[Adam, you would be wise to wrap your lines at 72 characters -- many
people will simply skim over difficult-to-read emails.]
The salting is important: a large enough salt will make precomputing a
dictionary impossible (there are only so many atoms in the universe).
You have already discovered why salting is important -- it forces the
cracker to include the salting function *while cracking*. This means
that a simple lookup table is impossible, for large enough salts.
Especially when one considers that the salt is ideally different for
each user on the system -- to prevent any dictionary from being used
against two users simultaneously.
It converts the work from off-line work to on-line work, essentially.
I hope this helps.
-- Earthlink: The #1 provider of unsolicited bulk email to the Internet.