Can you please take some time to actually understand the situation. Every time you keep repeating the same factually incorrect statements.
md5(password1+password1) password1 is not the same as md5(password2+password2) > Suppose you have a dictionary of 1,000,000 weak passwords and precompute > their 1,000,000 hashes. How many hashes do you need to precompute? 1,000,000. Is there a point in there somewhere? Your suggestion: md5(password+random)+random (BTW systems use md5(password+random), the extra random is useless) The attacker knows what random is. It is not random anymore. This is what the attacker sees: md5(password+characters_in_db)+characters_in_db Suppose you have a dictionary of 1,000,000 weak passwords and precompute their 1,000,000 hashes. How many hashes do you need to precompute with your idea? 1,000,000. There is no difference. And this is the last thing I will say about this matter. On Jul 31, 1:19 am, Jonathan Lundell <jlund...@pobox.com> wrote: > On Jul 31, 2009, at 12:48 AM, Jonathan Lundell wrote: > > > > > On Jul 31, 2009, at 12:38 AM, Yarko Tymciurak wrote: > > >> On Fri, Jul 31, 2009 at 2:31 AM, Jonathan Lundell > >> <jlund...@pobox.com> wrote: > > >> On Jul 31, 2009, at 12:16 AM, Bottiger wrote: > > >> ..... > >> The difference is that with a deterministic transform of the password > >> (this includes static salt, or salt that's a function of the base > >> password), the attacker performs your loop once and solves every > >> password in his list. And the loop result can be precomputed into a > >> rainbow table. > > >> How do you figure? If the salt is different, and is based on the > >> "solution" of the hash, > >> then how does having an algorithm to extract the salt help? You > >> cannot use the last > >> salt to help; you have to solve the next hash to get it's value > >> (you can check it after). > > >> Am I missing something? > > > Give me a specific example of the salted hash function you'd use for > > this mechanism, please. > > ...and let me set some context. > > The default CRYPT() right now is md5(password). > > Bottinger's proposal that I originally objected to was: > > md5(password+password[-1]) > > He later suggested that "you could double or triple the original > password before putting it through the hash", so > > md5(password+password) > > or md5(password*3) > > Suppose you have a dictionary of 1,000,000 weak passwords and > precompute their 1,000,000 hashes. > > Now suppose you want to attack md5(password+password). How many hashes > do you need to precompute? 1,000,000. > > I'm suggesting (sticking with md5 for comparability): > > md5(password+random)+random > > ...where random is randomly chosen for each new password. > > You're suggesting? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
