[LINK] Why passwords have never been weaker—and crackers have never been stronger
Rick Welykochy
rick at vitendo.ca
Tue Aug 28 04:30:01 AEST 2012
Martin Barry wrote:
> But the point of the article is that Moore's law has caught up with salting
> + fast hashing algos which makes it sane to just brute force attack rather
> than pre-compute rainbow tables. You actually need salting + a *slow*
> hashing algo.
The article did not articulate the valuelessness of salt, imho. On rereading,
it seems to give a lot of credence to salt.
Whereas the excellent reference about bcrypt you posted below does make the
point emphatically.
Slow slated hashing seems to be a good defense against brute force attacks in
the face of Moore's law.
> Required reading for all: http://codahale.com/how-to-safely-store-a-password/
Thanks for the reference. And written in 1999.
cheers
rickw
--
------------------------------------
Rick Welykochy || Vitendo Consulting
A dyslexic man walks into a bra.
More information about the Link
mailing list