[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Salted passwords



Soliciting random suggestions.
Lets say I have data to one-way-hash.
The set has 9,999,999,999 members.
It's relatively easy to brute force this, or create precomp tables.
So you add a salt to each.
Still easy to brute force.
If you were to create it in such a way that the hash could exist
anywhere in the set member, does this increase the cost of computation
enough?

That is, consider a member 'abcdefg' with salt 329938255.
When authenticating against the server, it must permute over all
possible combinations of the salt and the set member in order to
determine the validity of the password.

If anyone has a better approach, or would like to approach me off
list, or knows of a list more suited to these queries please feel free
to redirect me :)

-Travis

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/