store the salt in plain text along with the hashed salted password,
but then surely that defeats the object - your attacker just needs to
prepend or append any dictionary words with that salt and hash the
result before comparing to your stored password.
Yes, but if each password uses a different salt, it is harder to
attack a lot of passwords at once. You don't want someone
to just hash every word in the dictionary, and then compare
those hashes to your list of password hashes.
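As an added illustration of the reply above (not part of the original thread): the sketch below stores constructed passwords once under a single shared salt and once under a fresh salt per user, then counts how many stored records a single hashing pass over a dictionary matches. The function names, the word list and the low PBKDF2 iteration count are assumptions chosen for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 1_000  # kept low so the demo is fast (assumption, not a recommended setting)

def kdf(password, salt):
    # PBKDF2-HMAC-SHA256 over the password with the given salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def enroll(password, salt=None):
    """Return (salt, hash); the salt is stored in plain text beside the hash."""
    salt = os.urandom(16) if salt is None else salt
    return salt, kdf(password, salt)

def verify(password, record):
    # Recompute with the stored salt and compare in constant time.
    salt, stored = record
    return hmac.compare_digest(kdf(password, salt), stored)

def one_pass_hits(words, salt, records):
    """Hash the dictionary once under `salt`; count stored records that match."""
    table = {kdf(w, salt) for w in words}
    return sum(1 for _, h in records if h in table)

def demo():
    words = ["letmein", "password", "dragon"]        # constructed dictionary
    passwords = ["password", "password", "dragon"]   # constructed user passwords
    shared = os.urandom(16)
    shared_db = [enroll(p, shared) for p in passwords]  # one salt for everyone
    unique_db = [enroll(p) for p in passwords]          # fresh salt per user
    return {
        # One dictionary pass under the shared salt matches every record.
        "shared_hits": one_pass_hits(words, shared, shared_db),
        # One pass under the first user's salt matches only that user.
        "unique_hits": one_pass_hits(words, unique_db[0][0], unique_db),
        # Identical passwords are visible as identical hashes only with a shared salt.
        "equal_hashes_shared": shared_db[0][1] == shared_db[1][1],
        "equal_hashes_unique": unique_db[0][1] == unique_db[1][1],
    }

if __name__ == "__main__":
    print(demo())
```

With per-user salts the dictionary has to be rehashed for every distinct salt, so the work grows with the number of accounts instead of being paid once.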