[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Salted passwords

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Salted passwords
From: antisec@xxxxxxxxxxxx
Date: Mon, 10 Aug 2009 12:08:21 -0400

AntiSec would like to approach you by telling you to keep you 
whitehat filty ass off our list, Travis.

Have a nice day sucking off Aitel.

On Sun, 09 Aug 2009 20:14:57 -0400 T Biehn <tbiehn@xxxxxxxxx> wrote:
>Soliciting random suggestions.
>Lets say I have data to one-way-hash.
>The set has 9,999,999,999 members.
>It's relatively easy to brute force this, or create precomp 
>tables.
>So you add a salt to each.
>Still easy to brute force.
>If you were to create it in such a way that the hash could exist
>anywhere in the set member, does this increase the cost of 
>computation
>enough?
>
>That is, consider a member 'abcdefg' with salt 329938255.
>When authenticating against the server, it must permute over all
>possible combinations of the salt and the set member in order to
>determine the validity of the password.
>
>If anyone has a better approach, or would like to approach me off
>list, or knows of a list more suited to these queries please feel 
>free
>to redirect me :)
>
>-Travis
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Salted passwords
  - From: T Biehn

Prev by Date: Re: [Full-disclosure] Ureleet is the Anti-Sec
Next by Date: Re: [Full-disclosure] Salted passwords
Previous by thread: Re: [Full-disclosure] Salted passwords
Next by thread: Re: [Full-disclosure] Salted passwords
Index(es):
- Date
- Thread