Password Hashes, Again

Gervase Markham gerv at
Mon Apr 16 09:24:10 UTC 2012

On 16/04/12 07:05, Max Kanat-Alexander wrote:
> 	He explains that salting them doesn't matter, because he's talking
> about brute-force numbers. It would take exactly the same amount of time
> to brute-force our salted hashes as it would to brute-force unsalted
> hashes. Salting is only to stop rainbow tables, which (as the author
> points out) are now less practical than brute force.

Surely salting means you can only attack one password at once, whereas 
not salting means you can attack them all in parallel?


dev-apps-bugzilla mailing list
dev-apps-bugzilla at

More information about the developers mailing list