Re: Values to use for a salt?

From: Chris Alfeld (calfeld_at_math.utah.edu)
Date: 12/17/03

  • Next message: Michael Wojcik: "RE: Values to use for a salt?" 
    Date: Wed, 17 Dec 2003 12:10:07 -0700 (MST)
To: Marian Ion <marian.ion@e-licitatie.ro>

    I think this is an example of strengthening the strongest link in the
    chain, which is pretty pointless while weak links remain. We're not going
    to start having users use 8-bit passwords so the password search space
    remains the same. While extending the salt to 8-bits would make a
    salt-space of 8^n instead of 7^n, which is a significant increase, 7^n is
    still a huge salt space. In any case, 7-bit vs 8-bit in no way addresses
    the problem that salts solve, namely preventing pre-crypting of entire
    dictionaries.

    > Don't you think using extendedASCII set will dramatically increase the
    > performance of any algorithm currently in use? Imagine what a pass like
    > "|¤W-|[V.|1D-|`â-|Ë3-|%-|F0-| " means for a cracker: (selected from line
    > 22 (I think...) from regedit.exe). Imagine using Unicode characters for keys
    > ...
    > Will you still need salt and others?

  • Next message: Michael Wojcik: "RE: Values to use for a salt?"