Full Disclosure mailing list archives
Salted passwords
From: T Biehn <tbiehn () gmail com>
Date: Sun, 9 Aug 2009 20:14:57 -0400
Soliciting random suggestions. Lets say I have data to one-way-hash. The set has 9,999,999,999 members. It's relatively easy to brute force this, or create precomp tables. So you add a salt to each. Still easy to brute force. If you were to create it in such a way that the hash could exist anywhere in the set member, does this increase the cost of computation enough? That is, consider a member 'abcdefg' with salt 329938255. When authenticating against the server, it must permute over all possible combinations of the salt and the set member in order to determine the validity of the password. If anyone has a better approach, or would like to approach me off list, or knows of a list more suited to these queries please feel free to redirect me :) -Travis _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Salted passwords T Biehn (Aug 09)
- Message not available
- Re: Salted passwords T Biehn (Aug 10)
- Message not available
- Re: Salted passwords Valdis . Kletnieks (Aug 10)
- Re: Salted passwords T Biehn (Aug 10)
- Re: Salted passwords Lyal Collins (Aug 12)
- Re: Salted passwords T Biehn (Aug 10)
- <Possible follow-ups>
- Re: Salted passwords antisec (Aug 10)
- Re: Salted passwords T Biehn (Aug 10)
- Re: Salted passwords raid (Aug 10)
- Re: Salted passwords T Biehn (Aug 10)