lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <548B5880.6040904@dei.uc.pt> Date: Fri, 12 Dec 2014 21:05:04 +0000 From: Samuel Neves <sneves@....uc.pt> To: discussions@...sword-hashing.net Subject: Re: [PHC] How important is salting really? On 12-12-2014 18:57, Steve Thomas wrote: > And now for the other "salt table". For those that don't see the need for this, > it's because you probably haven't ran into a scheme that has lots of salt > collisions: crypt(3) (12 bit salt > http://en.wikipedia.org/wiki/Crypt_(C)#Traditional_DES-based_scheme) or > vBulletin (3 character salt). These cause massive amounts of salt collisions and > as such you have a table of unique salts "salt table". You run through the salt > table and remove them when they are no longer needed. If salts are large enough > there is little difference between a salt table and a list of all the hashes > with their salts. Thanks for clearing this up. Since most good password hash functions use salts with at least 128 bits, it is easy to wonder why indexing by salt would be a good idea.
Powered by blists - more mailing lists