Password Hashes, Again

Daniel Berlin dberlin at dberlin.org
Mon Apr 16 12:01:04 UTC 2012


2012/4/16 Frédéric Buclin <lpsolit at gmail.com>:
> On 16. 04. 12 08:05, Max Kanat-Alexander wrote:
>> about brute-force numbers. It would take exactly the same amount of time
>> to brute-force our salted hashes as it would to brute-force unsalted
>> hashes.
>
> I don't think that's true. At least not without knowing the salt first.
>
> LpSolit

Most salts are stored along with the password database.
The point of having a salt is to make lookup tables expensive to
compute, not to be secret.
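
An added illustration of the exchange above (not code from this thread or from the project): it counts hash computations to show that a known salt leaves the work against one hash unchanged, while a single precomputed table stops covering the whole database. SHA-256, the 8-byte salt, the guess list and all function names are assumptions made for the example.

```python
import hashlib
import os

# Constructed guess list standing in for a dictionary or key space.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "dragon"]

def digest(password: str, salt: bytes = b"") -> str:
    """Hash salt || password; SHA-256 is an assumption for this example."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def make_db(users: dict, salted: bool) -> dict:
    """Return {user: (salt, digest)}; the salt is stored beside the hash."""
    db = {}
    for name, password in users.items():
        salt = os.urandom(8) if salted else b""
        db[name] = (salt, digest(password, salt))
    return db

def cost_with_table(db: dict) -> tuple:
    """Unsalted: one table, computed once, answers every row by lookup."""
    table = {digest(c): c for c in CANDIDATES}
    found = {user: table.get(d) for user, (_, d) in db.items()}
    return found, len(CANDIDATES)  # hash computations spent

def cost_per_salt(db: dict) -> tuple:
    """Salted: the salt is readable, but the full pass repeats per row."""
    found, hashes = {}, 0
    for user, (salt, stored) in db.items():
        found[user] = None
        for c in CANDIDATES:  # worst case: no early exit
            hashes += 1
            if digest(c, salt) == stored:
                found[user] = c
    return found, hashes

if __name__ == "__main__":
    users = {"alice": "letmein", "bob": "qwerty", "carol": "letmein"}  # constructed
    plain, salted = make_db(users, False), make_db(users, True)
    print("unsalted, whole db:", cost_with_table(plain)[1], "hashes")
    print("salted, whole db:  ", cost_per_salt(salted)[1], "hashes")
    one = {"alice": salted["alice"]}
    print("salted, one user:  ", cost_per_salt(one)[1], "hashes")
```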


