-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Pentchev escribió: > On Tue, May 06, 2008 at 04:52:31AM -0400, Faramir wrote: > [snip Sven Radde's explanations about the salt]
(removed the part where I say what I understood about salt) > It seems that you are missing another important point about the salt - > it is generated randomly each and every time something needs to be > encrypted :) There is no such thing as "the salt value for this user"; > every time this user wants to hash a password, the system generates > a random salt value and hashes this particular password, just this once, > with this value. Yes, that IS a very important point I was missing. And the real dimension of making pre computed rainbow tables useless... I found this: http://www.antsight.com/zsl/rainbowcrack/rcracktutorial.htm It have estimations of the time required to generate a set of tables for passwords 1-7 characters long, with just alpha characters, and with alpha+numeric characters. The second option (with a 666 Mhz computer, very slow by now, but it helps to get an idea of the required time) is more than 15 days! With some weak protected files, maybe it would be a lot faster to use bruteforce (in other hand, once the tables are ready, the required time to use them can be really short... but since salt ensure the tables can't be used more than once...). I know people who explained salt to me don't need this info, but maybe there are more people following this subject... Have a nice weekend ;) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJIJblBAAoJEIISGkVDGUEOagQH/jy4VJW+Vj5/kghfhRziHtkZ oo3ekMAmolbxWZZN3VAXVq6LQvrQWlwbTHsTzuN87EhgEGey6UwvM3VNRzi9Lane 8/k3Y3kszNWg/SvPfvz1MCDeFnIRyr6QoxA0U/8hVI2Co+224IXVu0yNZvs0JlnJ 93xQhLBcZixk19TOAgtL4qg9BOicbLks7hF6yPK5MsaNeA47x6bRkYcy8RipEWb6 VsJx14Fqn+gUAtLChn2DTBSnL4N5bfEZh3Sv9EUmR+Jr8WpC4u2DMVTePBwyPRS6 dHBX8UhgN7jzC+L24ELLCL/2NkTYnfjezSbbz63Q/T0e+mylFFY3GCubZKOShF8= =CZeZ -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
