| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20090810160821.94E1CB0048@smtp.hushmail.com> Date: Mon, 10 Aug 2009 12:08:21 -0400 From: antisec@...hmail.com To: full-disclosure@...ts.grok.org.uk Subject: Re: Salted passwords AntiSec would like to approach you by telling you to keep you whitehat filty ass off our list, Travis. Have a nice day sucking off Aitel. On Sun, 09 Aug 2009 20:14:57 -0400 T Biehn <tbiehn@...il.com> wrote: >Soliciting random suggestions. >Lets say I have data to one-way-hash. >The set has 9,999,999,999 members. >It's relatively easy to brute force this, or create precomp >tables. >So you add a salt to each. >Still easy to brute force. >If you were to create it in such a way that the hash could exist >anywhere in the set member, does this increase the cost of >computation >enough? > >That is, consider a member 'abcdefg' with salt 329938255. >When authenticating against the server, it must permute over all >possible combinations of the salt and the set member in order to >determine the validity of the password. > >If anyone has a better approach, or would like to approach me off >list, or knows of a list more suited to these queries please feel >free >to redirect me :) > >-Travis > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists