Full Disclosure mailing list archives

Re: Salted passwords


From: antisec () hushmail com
Date: Mon, 10 Aug 2009 12:08:21 -0400

AntiSec would like to approach you by telling you to keep your
whitehat filthy ass off our list, Travis.

Have a nice day sucking off Aitel.

On Sun, 09 Aug 2009 20:14:57 -0400 T Biehn <tbiehn () gmail com> wrote:
Soliciting random suggestions.
Let's say I have data to one-way-hash.
The set has 9,999,999,999 members.
It's relatively easy to brute force this, or create precomp tables.
So you add a salt to each.
Still easy to brute force.
If you were to create it in such a way that the hash could exist
anywhere in the set member, does this increase the cost of computation
enough?

That is, consider a member 'abcdefg' with salt 329938255.
When authenticating against the server, it must permute over all
possible combinations of the salt and the set member in order to
determine the validity of the password.

If anyone has a better approach, or would like to approach me off
list, or knows of a list more suited to these queries please feel free
to redirect me :)

-Travis

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
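
The scheme asked about in the quoted message, sketched as an added example that is not part of the original thread. It assumes "anywhere in the set member" means the salt is spliced in at one unstored offset, and that set members are 10-digit strings; the function names are hypothetical, and PBKDF2 is shown beside it as a tunable work factor for comparison.

```python
import hashlib
import hmac
import secrets

def positional_hash(member, salt, pos):
    # SHA-256 of the member with the salt spliced in at offset pos (assumed construction).
    return hashlib.sha256((member[:pos] + salt + member[pos:]).encode()).digest()

def enroll(member, salt):
    # The offset is chosen at random and never stored, so verification must search for it.
    pos = secrets.randbelow(len(member) + 1)
    return positional_hash(member, salt, pos)

def verify(candidate, salt, stored):
    # Try every offset; returns (match, number of hashes computed).
    match, hashes = False, 0
    for pos in range(len(candidate) + 1):
        hashes += 1
        if hmac.compare_digest(positional_hash(candidate, salt, pos), stored):
            match = True
    return match, hashes

def attacker_hashes(keyspace, member_len):
    # Worst-case hash count to exhaust the keyspace for one record with a known salt.
    return keyspace * (member_len + 1)

def enroll_stretched(member, salt, iterations=600_000):
    # Tunable alternative: PBKDF2-HMAC-SHA256, cost set by the iteration count.
    return hashlib.pbkdf2_hmac("sha256", member.encode(), salt.encode(), iterations)

def verify_stretched(candidate, salt, stored, iterations=600_000):
    return hmac.compare_digest(enroll_stretched(candidate, salt, iterations), stored)

if __name__ == "__main__":
    salt = "329938255"                      # salt value from the message
    stored = enroll("abcdefg", salt)        # member value from the message
    print(verify("abcdefg", salt, stored))
    print(verify("abcdefh", salt, stored))
    print(attacker_hashes(9_999_999_999, 10))
```

Under these assumptions the hidden offset multiplies the cost of each guess by the member length plus one, for the server and for anyone guessing alike, while the PBKDF2 iteration count can be raised independently of the input length.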
