| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2d6724810908091714n59962592r6973ffe046a8a18d@mail.gmail.com> Date: Sun, 9 Aug 2009 20:14:57 -0400 From: T Biehn <tbiehn@...il.com> To: full-disclosure <Full-Disclosure@...ts.grok.org.uk> Subject: Salted passwords Soliciting random suggestions. Lets say I have data to one-way-hash. The set has 9,999,999,999 members. It's relatively easy to brute force this, or create precomp tables. So you add a salt to each. Still easy to brute force. If you were to create it in such a way that the hash could exist anywhere in the set member, does this increase the cost of computation enough? That is, consider a member 'abcdefg' with salt 329938255. When authenticating against the server, it must permute over all possible combinations of the salt and the set member in order to determine the validity of the password. If anyone has a better approach, or would like to approach me off list, or knows of a list more suited to these queries please feel free to redirect me :) -Travis _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists