Matthias Benkmann matthias at winterdrache.de
Thu Jan 17 09:02:26 PST 2002

On 17 Jan 2002, at 10:47, Bruce Dubbs wrote:

> password?  If you were cracking passwords a lot, you could just generate
> all combinations up to a certain length on a large hard disk and do a
> binary search on the digest and get any of those PWs in less than a second.

To prevent this, a so-called salt is used. You do not only encrypt the 
password, you first concatenate it with a (pseudo-)random salt string that 
is saved together with the encrypted string. In order for the above scheme 
to work you will have to generate encryptions of all passwords combined 
with all salt strings. That increases the number of data extremely. The 
amount of storage needed is (still) too expensive to be used exclusively 
for cracking, especially since all sites worth cracking use shadow 
passwords so that you don't get the password file.


Bad comments reveal the bad programmer.

Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message

More information about the lfs-security mailing list