matthias at winterdrache.de
Thu Jan 17 09:02:26 PST 2002
On 17 Jan 2002, at 10:47, Bruce Dubbs wrote:
> password? If you were cracking passwords a lot, you could just generate
> all combinations up to a certain length on a large hard disk and do a
> binary search on the digest and get any of those PWs in less than a second.
To prevent this, a so-called salt is used. You do not only encrypt the
password; you first concatenate it with a (pseudo-)random salt string that
is saved together with the encrypted string. In order for the above scheme
to work you will have to generate encryptions of all passwords combined
with all salt strings. That increases the amount of data enormously. The
amount of storage needed is (still) too expensive to be used exclusively
for cracking, especially since all sites worth cracking use shadow
passwords so that you don't get the password file.
Bad comments reveal the bad programmer.
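
The effect described in this message, as an added example that is not part of the original post: a sorted digest table with binary search recovers an unsalted digest, misses the same password once a stored salt is concatenated, and would have to be rebuilt for every salt value. SHA-256 stands in for the "encryption" step, and the three-letter alphabet, length limit, 2-byte salt and all function names are assumptions made to keep the table small.

```python
import bisect
import hashlib
import hmac
import itertools
import os

ALPHABET = "abc"   # constructed toy alphabet so the full table stays tiny
MAX_LEN = 3        # "all combinations up to a certain length"

def digest(password: str, salt: bytes = b"") -> bytes:
    # The salt is concatenated with the password before hashing.
    return hashlib.sha256(salt + password.encode()).digest()

def candidates():
    for n in range(1, MAX_LEN + 1):
        for combo in itertools.product(ALPHABET, repeat=n):
            yield "".join(combo)

def build_table(salt: bytes = b""):
    # Sorted (digest, password) pairs: the precomputed table from the quoted text.
    return sorted((digest(p, salt), p) for p in candidates())

def lookup(table, target: bytes):
    # Binary search on the digest column; (target,) sorts before (target, pw).
    i = bisect.bisect_left(table, (target,))
    if i < len(table) and table[i][0] == target:
        return table[i][1]
    return None

def store(password: str, salt: bytes = None):
    # What the password file keeps: the salt saved together with the digest.
    if salt is None:
        salt = os.urandom(2)
    return salt, digest(password, salt)

def verify(password: str, salt: bytes, stored: bytes) -> bool:
    # Login check: recompute with the stored salt, compare in constant time.
    return hmac.compare_digest(digest(password, salt), stored)

def table_entries(salt_bits: int) -> int:
    # One complete table is required per possible salt value.
    return sum(1 for _ in candidates()) * 2 ** salt_bits

if __name__ == "__main__":
    unsalted = build_table()
    salt, stored = store("cab")
    print("unsalted digest found:", lookup(unsalted, digest("cab")))
    print("salted digest found:  ", lookup(unsalted, stored))
    print("entries for 16-bit salt:", table_entries(16))
```
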