Password Hashes, Again

Gervase Markham gerv at mozilla.org
Mon Apr 16 09:24:10 UTC 2012


On 16/04/12 07:05, Max Kanat-Alexander wrote:
> 	He explains that salting them doesn't matter, because he's talking
> about brute-force numbers. It would take exactly the same amount of time
> to brute-force our salted hashes as it would to brute-force unsalted
> hashes. Salting is only to stop rainbow tables, which (as the author
> points out) are now less practical than brute force.

Surely salting means you can only attack one password at once, whereas 
not salting means you can attack them all in parallel?

Gerv

_______________________________________________
dev-apps-bugzilla mailing list
dev-apps-bugzilla at lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-apps-bugzilla



More information about the developers mailing list