On Dec 11, 2012, at 10:21 PM, Ken Dibble <[email protected]> wrote:
> So that being the case, if you steal the table containing these strings, then
> you can parse out the salt and use it for a dictionary attack on passwords.
Good luck with that. The whole point is that to make such an attack,
even if possible, so terribly expensive and time-consuming that it isn't worth
the effort. Read up on what it would take to do what you think it would take to
reverse-engineer the salt from a table of bcrypt hashes, and then tell me how
vulnerable this is.
-- Ed Leafe
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
