|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Asmodeus (asmodeus-secprog
BEAST.TBURG.NET)Date: Thu Apr 12 2001 - 20:13:58 CDT
On Mon, Apr 09, 2001 at 11:37:10PM -0600, Elias Levy wrote:
>
> Salting does not rely in the salt being secret. Salting simply increases
> the time-cost of testing multiple passwords with different salts and
> the space-cost of precomputed dictionary attacks.
I don't see how it increases anything. You have the ciphertext, for a unix
crypt'd password for example (lets say its from a stolen /etc/passwd):
zf83kFv/weisOfd9 (just me typing randomly for 16 characters)
You *know* the salt is zf, so take your dictionary database and just encrypt
each one with the salt 'zf'.
I *know* I must be missing something, but what am I missing?
.Shawn
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]