lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 Apr 2005 15:25:23 -0400
From: "Mike Fratto" <mfratto@....com>
To: "'Jim Knoble'" <jmknoble@...ox.com>, <bugtraq@...urityfocus.com>
Subject: RE: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords


 
> I thought the idea of the salt was to aid in expanding the 
> keyspace. Even though the salt is known (in traditional Unix 
> passwd/shadow/master.passwd databases, 

I am pretty sure the intent the salt is to make pre-computation of a
dictionaries infeasable due to storage requirements. It doesn't really add
to the keyspace because the salt is known and doesn't have to be guessed.




Powered by blists - more mailing lists