lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 Dec 2014 04:53:38 -0800
From: epixoip <>
Subject: Re: [PHC] How important is salting really?

On 12/12/2014 4:32 AM, Ben Harris wrote:
> On 12/12/2014 7:19 pm, "epixoip" <
> <>> wrote:
> > > If there was no salt, then the cost would be drastically lower and the
> > > attacker could start the attack before getting the hashed passwords.
> >
> > This makes absolutely no sense. How exactly does one start attacking
> > hashes before having the hashes?
> I'll have to leave that as an exercise for the reader. Maybe have a
> read of the Dunning-Kruger effect first.

Clever. Really. Except my superiority is not an illusion; my expertise
and reputation speaks it itself. But I've never heard of you. So I ask
you: who are you, and what qualifies you to speak with such authority on
this topic?

It's overwhelmingly obvious who on this list actually cracks passwords,
and who just reads papers about cracking passwords. From where I'm
sitting, if you're not a password cracker, you really don't carry any
weight in a conversation about cracking passwords. Especially if you
don't even understand how password cracking software attacks salted hashes.

Powered by blists - more mailing lists