Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Asmodeus (asmodeus-secprogBEAST.TBURG.NET)
Date: Thu Apr 12 2001 - 20:13:58 CDT
On Mon, Apr 09, 2001 at 11:37:10PM -0600, Elias Levy wrote:
> Salting does not rely in the salt being secret. Salting simply increases
> the time-cost of testing multiple passwords with different salts and
> the space-cost of precomputed dictionary attacks.
I don't see how it increases anything. You have the ciphertext, for a unix
crypt'd password for example (lets say its from a stolen /etc/passwd):
zf83kFv/weisOfd9 (just me typing randomly for 16 characters)
You *know* the salt is zf, so take your dictionary database and just encrypt
each one with the salt 'zf'.
I *know* I must be missing something, but what am I missing?