lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <548BF42C.10604@bindshell.nl> Date: Sat, 13 Dec 2014 00:09:16 -0800 From: epixoip <epixoip@...dshell.nl> To: discussions@...sword-hashing.net Subject: Re: [PHC] How important is salting really? On 12/12/2014 11:56 PM, Jeremy Spilman wrote: > On Fri, 12 Dec 2014 23:03:13 -0800, epixoip <epixoip@...dshell.nl> wrote: > >> You eliminate more salts faster by looping over the salts for >> each word in a wordlist, as opposed to looping over the wordlist for >> each hash. > > > I'm going to try (and likely fail) to channel @scoobz here; > > If you are optimizing the attack by iterating through each salt and > then going on to incrementally less popular passwords, (makes perfect > sense) then I would imagine if the defender naively does H(pwd||salt) > you could gain a significant optimization from that. Do you ever see > this in practice? Yes, and this is immediately observable. Hashtype: md5($pass.$salt) Workload: 1024 loops, 256 accel Speed.GPU.#1.: 12279.9 MH/s Hashtype: md5($salt.$pass) Workload: 1024 loops, 256 accel Speed.GPU.#1.: 6757.1 MH/s
Powered by blists - more mailing lists