Message-ID: <alpine.DEB.2.11.1412121144440.22319@debian>
Date: Fri, 12 Dec 2014 11:48:49 +0100 (CET)
From: Stefan.Lucks@...-weimar.de
To: discussions@...sword-hashing.net
Subject: Re: [PHC] How important is salting really?
On Fri, 12 Dec 2014, Ben Harris wrote:
> On 12 December 2014 at 17:53, epixoip <epixoip@...dshell.nl> wrote:
> > Thus the salt table shrinks with each successful
> > crack, and the effective speed of the attack increases with each
> > eliminated salt.
>
>
> A rather confusing way to describe things. If we are attacking all password
> hashes, one password at a time (from the most common down), then each time we
> find a match, the pool of hashes decreases and subsequent passwords can be
> searched faster.
Ah, now I see what epixoip means. I don't think this comes even close to
a justification for *not* using salts.
> At the moment an attacker can calculate somewhere between 10^10 - 10^15
> SHA256 per dollar in electricity. They can scan a list of 1 million common
> passwords for about a thousandth of a cent. If this cost were much higher (>>
> $1), then the economics of the attacks would change.
>
> If there was no salt, then the cost would be drastically lower and the
> attacker could start the attack before getting the hashed passwords.
Yes, that was the point I was trying to make.
So long
Stefan
------ I love the taste of Cryptanalysis in the morning! ------
<http://www.uni-weimar.de/cms/medien/mediensicherheit/home.html>
--Stefan.Lucks (at) uni-weimar.de, Bauhaus-Universität Weimar, Germany--
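
A work-count model of the argument in this thread, added here as an illustration and not code from any of the posters: it counts how many hash evaluations a most-common-first guess list costs against a salted and an unsalted table. The account passwords, guess list and function names are constructed for the example, and plain SHA-256 is used only because the quoted cost estimate is stated in SHA256 operations.

```python
import hashlib
import os
from collections import Counter

def hash_pw(password: str, salt: bytes) -> bytes:
    # Plain SHA-256, matching the unit of the quoted cost estimate.
    return hashlib.sha256(salt + password.encode()).digest()

def make_db(passwords, salted: bool):
    """Build a list of (salt, digest) rows; unsalted rows share the empty salt."""
    db = []
    for pw in passwords:
        salt = os.urandom(16) if salted else b""
        db.append((salt, hash_pw(pw, salt)))
    return db

def guessing_work(db, candidates):
    """Return (hash evaluations, accounts matched) for guesses tried in order."""
    remaining = {}  # salt -> Counter of digests not yet matched
    for salt, digest in db:
        remaining.setdefault(salt, Counter())[digest] += 1
    evaluations = matched = 0
    for guess in candidates:
        for salt in list(remaining):
            evaluations += 1  # one hash per (guess, remaining salt) pair
            matched += remaining[salt].pop(hash_pw(guess, salt), 0)
            if not remaining[salt]:
                del remaining[salt]  # the "salt table shrinks" effect
    return evaluations, matched

# Constructed sample data: six accounts, five of them on the guess list.
ACCOUNTS = ["123456", "password", "123456", "qwerty", "x9!Lr#2vTq", "password"]
GUESSES = ["123456", "password", "qwerty", "letmein"]

def compare():
    return {
        # Salted: 6 + 4 + 2 + 1 evaluations as matched salts drop out.
        "salted": guessing_work(make_db(ACCOUNTS, salted=True), GUESSES),
        # Unsalted: one evaluation per guess regardless of account count,
        # and those digests do not depend on the table at all.
        "unsalted": guessing_work(make_db(ACCOUNTS, salted=False), GUESSES),
    }

if __name__ == "__main__":
    print(compare())
```

With salts the work scales with the number of accounts still unmatched; without them it scales only with the length of the guess list and can be done before the table is ever seen.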