| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050421211435.GU24966@crawfish.ais.com> Date: Thu, 21 Apr 2005 17:14:35 -0400 From: Jim Knoble <jmknoble@...ox.com> To: bugtraq@...urityfocus.com Subject: Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords Circa 2005-04-21 dixit Mike Fratto: : : > I thought the idea of the salt was to aid in expanding the : > keyspace. Even though the salt is known (in traditional Unix : > passwd/shadow/master.passwd databases, : : I am pretty sure the intent the salt is to make pre-computation of a : dictionaries infeasable due to storage requirements. It doesn't really add : to the keyspace because the salt is known and doesn't have to be guessed. ... which is exactly what i was speaking of. The salt increases the keyspace for the precomputed table of password hashes. The conversation was not about brute force attacks.... -- jim knoble | jmknoble@...ox.com | http://www.pobox.com/~jmknoble/ (GnuPG fingerprint: 809F:09B9:9686:D035:4AB0::9455:124B:0A62:DD6A:76D6) ..................................................................... :"The methods now being used to merchandise the political candidate : : as though he were a deodorant positively guarantee the electorate : : against ever hearing the truth about anything." --Aldous Huxley : :...................................................................:
Powered by blists - more mailing lists