Password Hashes, Again
Gervase Markham
gerv at mozilla.org
Mon Apr 16 09:24:10 UTC 2012
On 16/04/12 07:05, Max Kanat-Alexander wrote:
> He explains that salting them doesn't matter, because he's talking
> about brute-force numbers. It would take exactly the same amount of time
> to brute-force our salted hashes as it would to brute-force unsalted
> hashes. Salting is only to stop rainbow tables, which (as the author
> points out) are now less practical than brute force.
Surely salting means you can only attack one password at once, whereas
not salting means you can attack them all in parallel?
Gerv
_______________________________________________
dev-apps-bugzilla mailing list
dev-apps-bugzilla at lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-apps-bugzilla
More information about the developers
mailing list