Open Source and information security mailing list archives
Message-ID: <548ABB36.1080008@bindshell.nl>
Date: Fri, 12 Dec 2014 01:53:58 -0800
From: epixoip <epixoip@...dshell.nl>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] How important is salting really?

On 12/12/2014 1:44 AM, Stefan.Lucks@...-weimar.de wrote:
> On Thu, 11 Dec 2014, epixoip wrote:
>
>> But salting alone is insufficient. For each hash we crack a salt is
>> eliminated and never checked again. Therefore our attacks speed up with
>> each hash we crack.
>
> Could you elaborate what you mean? Usually, the salt is known to the
> attacker, so there is no need to *crack* a salt at all?
>

I didn't say the salt was cracked, I said the salt was eliminated.

Hopefully you are familiar with how password cracking software works.
Each password candidate has to be re-hashed with each unique salt. This
is where your N-times slowdown comes from. Once a hash has been cracked,
its salt is removed from the salt table and future candidates are not
hashed with that salt. Thus the salt table shrinks with each successful
crack, and the effective speed of the attack increases with each
eliminated salt.
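
The shrinking salt table described in the message above can be put in numbers with a small cost model. This is an added Python example, not part of the original post; it counts hash computations only, and the function names, sample ranks and candidate count are constructed assumptions.

```python
from collections import Counter


def attack_cost(crack_ranks, n_candidates):
    """Count hash computations when every candidate is hashed once per live salt.

    crack_ranks: one entry per unique salt (assumption: one account per salt).
        Each entry is the 1-based position in the candidate list at which that
        account's password is guessed, or None if the list never contains it.
    Returns (work_with_elimination, work_without_elimination, live_salts),
    where live_salts[i] is the salt-table size when candidate i+1 is tried.
    """
    falls_at = Counter(r for r in crack_ranks
                       if r is not None and r <= n_candidates)
    live = len(crack_ranks)
    work = 0
    live_salts = []
    for i in range(1, n_candidates + 1):
        live_salts.append(live)
        work += live          # one hash per salt still in the table
        live -= falls_at[i]   # cracked hashes take their salts out of the table
    return work, len(crack_ranks) * n_candidates, live_salts


def effective_salt_factor(crack_ranks, n_candidates):
    """Average hashes per candidate: the slowdown salting actually delivered."""
    work, _, _ = attack_cost(crack_ranks, n_candidates)
    return work / n_candidates


# Constructed sample: 10 uniquely salted hashes, 1000 candidates.
# Seven passwords are weak enough to fall early; three are never guessed.
SAMPLE_RANKS = [1, 1, 5, 20, 20, 100, 400, None, None, None]
SAMPLE_CANDIDATES = 1000

if __name__ == "__main__":
    work, naive, curve = attack_cost(SAMPLE_RANKS, SAMPLE_CANDIDATES)
    print(f"nominal N-times cost : {naive} hashes")
    print(f"with salt elimination: {work} hashes")
    print(f"effective factor     : "
          f"{effective_salt_factor(SAMPLE_RANKS, SAMPLE_CANDIDATES):.3f} "
          f"(nominal {len(SAMPLE_RANKS)})")
    print(f"salt table at start/end: {curve[0]} / {curve[-1]}")
```

The gap between the nominal and effective factors grows with the share of weak passwords, which is why per-hash cost (a tunable, slow password hash) has to carry the defense rather than salt count alone.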