Ah, someone here finally understands me.
On Jul 31, 12:38 am, Yarko Tymciurak <yark...@gmail.com> wrote:
> On Fri, Jul 31, 2009 at 2:31 AM, Jonathan Lundell <jlund...@pobox.com>wrote:
>
>
>
> > On Jul 31, 2009, at 12:16 AM, Bottiger wrote:
>
> > .....
> > The difference is that with a deterministic transform of the password
> > (this includes static salt, or salt that's a function of the base
> > password), the attacker performs your loop once and solves every
> > password in his list. And the loop result can be precomputed into a
> > rainbow table.
>
> How do you figure? If the salt is different, and is based on the "solution"
> of the hash,
> then how does having an algorithm to extract the salt help? You cannot use
> the last
> salt to help; you have to solve the next hash to get it's value (you can
> check it after).
>
> Am I missing something?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
