
Pathologically Eclectic Rubbish Lister
	PerlMonks

Re: (Ovid) Re: Re: Lesson Four, Part 2 of online CGI course

by thraxil (Prior)

on Jan 07, 2002 at 05:34 UTC ( [id://136790]=note: print w/replies, xml )

Need Help??

This is an archived low-energy page for bots and other anonmyous visitors. Please sign up if you are a human and want to interact.

in reply to (Ovid) Re: Re: Lesson Four, Part 2 of online CGI course
in thread Lesson Four, Part 2 of online CGI course

if the salt were secret, how would you ever check the user's password?

the salt exists to keep dictionary attacks from being ridiculously efficient. imagine if there were no salt in the unix crypt scheme. i could calculate the hash of every word in the dictionary ahead of time and then simply compare that one list against every /etc/passwd i come across. if i were good, i could probably even remember the hash of a few of the more common passwords and be able to get an account here and there just by glancing at the passwd file. the salt just makes it so i have to run crypt on every word in the dictionary for each password i encounter because it has a different salt. no matter what i've always got to do some work.

anders pearson

Comment on Re: (Ovid) Re: Re: Lesson Four, Part 2 of online CGI course

In Section Meditations

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://136790]
help

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Notices^?

	• hippo	‥ epoptai's answer Re: how do I set a cookie and redirect was blessed by hippo!
	• erzuuli	‥ Anonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.