| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <27701.1249935961@turing-police.cc.vt.edu>
Date: Mon, 10 Aug 2009 16:26:01 -0400
From: Valdis.Kletnieks@...edu
To: T Biehn <tbiehn@...il.com>
Cc: full-disclosure <Full-Disclosure@...ts.grok.org.uk>
Subject: Re: Salted passwords
On Sun, 09 Aug 2009 20:14:57 EDT, T Biehn said:
> Soliciting random suggestions.
> Lets say I have data to one-way-hash.
> The set has 9,999,999,999 members.
Actually, if you're using a 10-digit decimal field, you probably have 10**10
possible members - all-zeros counts too (unless there's *other* reasons zero
isn't a legal ID). It's those little off-by-one errors that tend to get you.
;)
> It's relatively easy to brute force this, or create precomp tables.
That's because you only have 10M billion members to brute force against.
> So you add a salt to each.
A better idea cryptographically would be to fix the 10**10 member limit, so
that the set *could* have a much higher possible number of members. Even
staying at 10 characters, but allowing [A-Za-z0-9] (62 possible chars) raises
your space to 62**10 or about 8.3*10**17 (or almost 10M times the difficuly).
That's why most symmetric crypto algorithms use at least 64-bit or even larger
keys, and even larger for RSA and similar public-key systems.
Content of type "application/pgp-signature" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists