Re: Hashed password secure?
From: Tom St Denis (tom_at_securescience.net)
Date: 06/29/04
- Next message: Matthijs Hebly: "Re: Hashed password secure?"
- Previous message: Matthijs Hebly: "Re: Hashed password secure?"
- In reply to: Matthijs Hebly: "Re: Hashed password secure?"
- Next in thread: Matthijs Hebly: "Re: Hashed password secure?"
- Reply: Matthijs Hebly: "Re: Hashed password secure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Jun 2004 21:56:17 GMT
Matthijs Hebly wrote:
> Bill Unruh schreef:
>>
>> ]Correction: my suggestyion would run it
>> ]*Random(SomeNumberDependentOnCPUSpeed)* times. Which, IMHO, makes it
>> ](almost) impossible for some attacker to create a dictionary of hashes
>>
>> It also makes it completely non-portable. And has the danger that when
>> you replace your machine, suddenly no password, including root's, works.
> I don't see how this is in any way platform dependent...
> Why is hashing in itself platform *in*dependent, but hashing a random
> number of times, or with a random salt suddenly platform *dependent*?!?
> Plz explane.
...SomeNumberDependentOnCPUSpeed
Presumably my Barton 3200+ and my P4 2.8C have different values of
"cpuspeed". That makes it non-portable.
>> Bad idea.
> Thanx. I'll implement it anyway, and let you know how it works...
You do that. Nobody will use your software so in the grand scheme of things
it makes no difference anyways.
Tom
- Next message: Matthijs Hebly: "Re: Hashed password secure?"
- Previous message: Matthijs Hebly: "Re: Hashed password secure?"
- In reply to: Matthijs Hebly: "Re: Hashed password secure?"
- Next in thread: Matthijs Hebly: "Re: Hashed password secure?"
- Reply: Matthijs Hebly: "Re: Hashed password secure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
