| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Dec 2014 04:53:38 -0800 From: epixoip <epixoip@...dshell.nl> To: discussions@...sword-hashing.net Subject: Re: [PHC] How important is salting really? On 12/12/2014 4:32 AM, Ben Harris wrote: > > > On 12/12/2014 7:19 pm, "epixoip" <epixoip@...dshell.nl > <mailto:epixoip@...dshell.nl>> wrote: > > > If there was no salt, then the cost would be drastically lower and the > > > attacker could start the attack before getting the hashed passwords. > > > > This makes absolutely no sense. How exactly does one start attacking > > hashes before having the hashes? > > I'll have to leave that as an exercise for the reader. Maybe have a > read of the Dunning-Kruger effect first. > Clever. Really. Except my superiority is not an illusion; my expertise and reputation speaks it itself. But I've never heard of you. So I ask you: who are you, and what qualifies you to speak with such authority on this topic? It's overwhelmingly obvious who on this list actually cracks passwords, and who just reads papers about cracking passwords. From where I'm sitting, if you're not a password cracker, you really don't carry any weight in a conversation about cracking passwords. Especially if you don't even understand how password cracking software attacks salted hashes.
Powered by blists - more mailing lists