On Jul 31, 2009, at 12:16 AM, Bottiger wrote: >> If the attacker knows (by reading the web2py source) that you're, >> say, >> concatenating the base password three times, then he knows that you >> haven't increased the password space by even one entry: there's a 1:1 >> mapping between base passwords and transformed passwords. > > So far you have kept on ignoring the gist of the problem. If the > attacker has access to the salt, it doesn't matter whether or not you > know the relationship between the password and the salt because you > already know the salt. The attacker could not care less about whether > you used a random number generator or a function related to the > password. > >> If the attacker knows (by reading the web2py source) that you're, >> say, >> concatenating the base password three times, then he knows that you >> haven't increased the password space by even one entry: there's a 1:1 >> mapping between base passwords and transformed passwords. > > Can you please actually take some time to understand my previous > comments? You could use a random 10000000000 byte salt, and it > wouldn't increase your password space for that password. All the > attacker needs to do is this: > > for candidate in permutations(alphanumeric_and_symbols): > if md5(candidate+salt) == hash: return candidate > > This is the same brute force method that would be used when you have a > completely random salt or a salt based on the password itself. Again I > repeat, the attacker could not care less about whether you used a > random number generator or a function related to the password.
The difference is that with a deterministic transform of the password (this includes static salt, or salt that's a function of the base password), the attacker performs your loop once and solves every password in his list. And the loop result can be precomputed into a rainbow table. With random salt, the attacker must perform the loop (and it's a long loop) once for every hash he wants to attack. And the loop result cannot (practically) be precomputed. OK? Deterministic transform means that one pass through the loop, precomputed, breaks all passwords in the permutation dictionary. Random salt means that one pass through the loop breaks *one* password *if* it's in the permutation dictionary. And it can't be precomputed. Again, it's no substitute for a strong password. But it helps. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
