On 05/30/2012 02:59 PM, Nico Williams wrote:
This is why salting is important. They should not be able to build a single rainbow table that works for all cases.
In order to be useful, the salt has to be large enough to not have large numbers of collisions across large user populations. Ideally it should be out of brute force range, or else the attacker can just fix a password and construct his rainbow table over the salt possibilities.
This implies that a maximally-effective salt will be larger than a user is able to remember, but the explicit goal of this scheme was to avoid persistent state on the device. If we're willing to give up this design goal, we'd probably be better off building a proper encrypted password manager app instead.
There may still be value in hashing in the username, but only in the aggregate. I don't see that it helps the targeted user case much.
- Marsh _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
