lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 Dec 2014 21:05:04 +0000
From: Samuel Neves <sneves@....uc.pt>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] How important is salting really?

On 12-12-2014 18:57, Steve Thomas wrote:
> And now for the other "salt table". For those that don't see the need for this,
> it's because you probably haven't ran into a scheme that has lots of salt
> collisions: crypt(3) (12 bit salt
> http://en.wikipedia.org/wiki/Crypt_(C)#Traditional_DES-based_scheme) or
> vBulletin (3 character salt). These cause massive amounts of salt collisions and
> as such you have a table of unique salts "salt table". You run through the salt
> table and remove them when they are no longer needed. If salts are large enough
> there is little difference between a salt table and a list of all the hashes
> with their salts.

Thanks for clearing this up. Since most good password hash functions use salts with at least 128 bits, it is easy to
wonder why indexing by salt would be a good idea.

Powered by blists - more mailing lists