On Fri, Jul 31, 2009 at 2:31 AM, Jonathan Lundell <[email protected]>wrote:
> > On Jul 31, 2009, at 12:16 AM, Bottiger wrote: > > ..... > The difference is that with a deterministic transform of the password > (this includes static salt, or salt that's a function of the base > password), the attacker performs your loop once and solves every > password in his list. And the loop result can be precomputed into a > rainbow table. How do you figure? If the salt is different, and is based on the "solution" of the hash, then how does having an algorithm to extract the salt help? You cannot use the last salt to help; you have to solve the next hash to get it's value (you can check it after). Am I missing something? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
