On Jul 31, 2009, at 12:38 AM, Yarko Tymciurak wrote: > On Fri, Jul 31, 2009 at 2:31 AM, Jonathan Lundell > <[email protected]> wrote: > > On Jul 31, 2009, at 12:16 AM, Bottiger wrote: > > ..... > The difference is that with a deterministic transform of the password > (this includes static salt, or salt that's a function of the base > password), the attacker performs your loop once and solves every > password in his list. And the loop result can be precomputed into a > rainbow table. > > How do you figure? If the salt is different, and is based on the > "solution" of the hash, > then how does having an algorithm to extract the salt help? You > cannot use the last > salt to help; you have to solve the next hash to get it's value > (you can check it after). > > Am I missing something?
Give me a specific example of the salted hash function you'd use for this mechanism, please. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
