Date: Fri, 12 Dec 2014 01:53:58 -0800
From: epixoip <>
Subject: Re: [PHC] How important is salting really?

On 12/12/2014 1:44 AM, wrote:
> On Thu, 11 Dec 2014, epixoip wrote:
>> But salting alone is insufficient. For each hash we crack a salt is
>> eliminated and never checked again. Therefore our attacks speed up with
>> each hash we crack.
> Could you elaborate what you mean? Usually, the salt is known to the
> attacker, so there is no need to *crack* a salt at all?

I didn't say the salt was cracked, I said the salt was eliminated.
Hopefully you are familiar with how password cracking software works.
Each password candidate has to be re-hashed with each unique salt. This
is where your N-times slowdown comes from. Once a hash has been cracked,
its salt is removed from the salt table and future candidates are not
hashed with that salt. Thus the salt table shrinks with each successful
crack, and the effective speed of the attack increases with each
eliminated salt.
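
Added example, not part of the original message: a cost model of the salt elimination described above, counting hash computations instead of performing any. It generalizes to salts shared by several hashes (assumption: such a salt stays in the table until all of its hashes are cracked); `salt_work`, the salt labels and the crack positions are constructed for illustration.

```python
from collections import defaultdict


def salt_work(hashes, num_candidates):
    """Count hash computations for a salted hash list.

    hashes: list of (salt, crack_index) pairs, where crack_index is the
    0-based position in the candidate list at which that hash's password
    appears, or None if it never appears.
    Returns (with_elimination, without_elimination, live_salts) where
    live_salts[i] is the number of salts candidate i is hashed with.
    """
    # Number of candidates each salt must be tried against before it can
    # be dropped from the salt table (all of its hashes cracked).
    needed = defaultdict(int)
    for salt, idx in hashes:
        if idx is None or idx >= num_candidates:
            tries = num_candidates          # never cracked: salt stays to the end
        else:
            tries = idx + 1                 # cracked by candidate idx
        needed[salt] = max(needed[salt], tries)

    with_elimination = sum(needed.values())
    without_elimination = len(needed) * num_candidates
    live_salts = [sum(1 for n in needed.values() if n > i)
                  for i in range(num_candidates)]
    return with_elimination, without_elimination, live_salts


if __name__ == "__main__":
    # Constructed sample: five uniquely salted hashes, ten candidates.
    # Two accounts use the first candidate, one account is never cracked.
    sample = [("s1", 0), ("s2", 0), ("s3", 2), ("s4", 7), ("s5", None)]
    elim, full, live = salt_work(sample, 10)
    print("hash computations with elimination:   ", elim)
    print("hash computations without elimination:", full)
    print("salts hashed per candidate:", live)
```

The per-candidate list shows the slowdown factor falling from the full salt count toward the number of accounts whose passwords are not in the candidate list, which is why the thread argues that salting has to be paired with a costly hash.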
