On 04/06/2011 08:19 PM, Aaron Toponce wrote:
[snip]
First, if you don't have the salt, but you do have the hash, then a rainbow
table attack is completely pointless. Reason being is rainbow tables store
hashes with a 1:1 ration to text. How the table is traversed is another
story, but the fact remains that one hash will lead you to one piece of
text. Now add a salt. If the salt is unknown, the length of the salt is
8 characters, and the characters used in the salt are [A-Za-z0-9./], or 64
characters, then there are effectively 64^8 possible hashes for one
The OS must store the salt somewhere, in order to correctly authenticate
the user when he logs in. But I've never heard of /etc/hashsalt so what
am I misunderstanding?
--
"Neither the wisest constitution nor the wisest laws will secure
the liberty and happiness of a people whose manners are universally
corrupt."
Samuel Adams, essay in The Public Advertiser, 1749
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4d9d1b22.2010...@cox.net
