lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <548A419A.4040401@defuse.ca>
Date: Thu, 11 Dec 2014 18:15:06 -0700
From: Taylor Hornby <havoc@...use.ca>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] How important is salting really?

On 12/11/2014 05:58 PM, Bitweasil . wrote:
> A factor of N slowdown in cracking, where N is the number of unique salts
> in the uncracked list of hashes.

> On Dec 11, 2014 4:57 PM, "Marsh Ray" <maray@...rosoft.com> wrote:
>>
>> (If this chance is small, then what do we gain by salting?)

Another reason is that without a salt, the attacker can pre-compute
lookup tables before they get access to the hashes. In terms of
organized crime that means there'll be large-scale cracking services
that can invest in creating MASSIVE rainbow tables and make a profit
selling access to them. With salt, that entire effort has to be re-done
for each breach (and hash within a breach).

-- 
Taylor Hornby

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ