Re^4: Replacing crypt() for password login via a digest - looking for stronger alternative

by bliako (Monsignor)
on Jun 24, 2021 at 13:19 UTC ( #11134255=note )


in reply to Re^3: Replacing crypt() for password login via a digest - looking for stronger alternative
in thread Replacing crypt() for password login via a digest - looking for stronger alternative

I believe the difference (using average hardware) between brute-forcing (which involves hashing each candidate password) and rainbow-ing (which involves just a dictionary lookup) is a lot in terms of time. But I don't have the numbers nor the time to benchmark right now. Time is important in that a db breach will sooner or later be noticed (well...), so it's a race against the user getting notified by db admin and changing their password. Also note that salts can be mixed within the password. Or placed either at the beginning or the end or both. These methods require the hacker to also have access to the in-house algorithm for salting the password, i.e. where and how to intermix. Which depends on many factors.
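
Added example, not part of the post above: a Perl sketch contrasting a precomputed-table lookup with per-candidate hashing once a random per-user salt is applied at the prefix, suffix or both positions. The wordlist, the password, the use of a single SHA-256 round and the `/dev/urandom` salt source are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Constructed sample data: a tiny candidate list and one user's password.
my @wordlist = qw(123456 letmein monkey hunter2 qwerty);
my $password = 'hunter2';

# Precomputed table: unsalted digest -> password. Built once, it is
# reusable against any store that keeps plain sha256(password).
my %table = map { sha256_hex($_) => $_ } @wordlist;

# Random per-user salt (assumes a Unix-like /dev/urandom).
sub new_salt {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

# Salt placements mentioned in the post: beginning, end, or both.
my %placement = (
    prefix => sub { my ($s, $p) = @_; "$s$p" },
    suffix => sub { my ($s, $p) = @_; "$p$s" },
    both   => sub { my ($s, $p) = @_; "$s$p$s" },
);

# Unsalted record: one hash-table lookup recovers the password.
my $unsalted = sha256_hex($password);
printf "unsalted: table lookup -> %s\n", $table{$unsalted} // 'miss';

for my $where (sort keys %placement) {
    my $salt   = new_salt();
    my $stored = sha256_hex($placement{$where}->($salt, $password));

    # The precomputed table no longer contains this digest.
    my $lookup = exists $table{$stored} ? 'hit' : 'miss';

    # What remains is hashing every candidate with this user's salt,
    # and repeating that work for each user because salts differ.
    my ($found) = grep {
        sha256_hex($placement{$where}->($salt, $_)) eq $stored
    } @wordlist;

    printf "%-6s: table lookup -> %s, per-user rehash -> %s\n",
        $where, $lookup, $found // 'not in list';
}
```

The per-candidate cost here is one SHA-256 call; a deliberately slow password hash raises that cost for every guess.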
