Re: (Ovid) Re: Re: Lesson Four, Part 2 of online CGI course


Think about Loose Coupling
	PerlMonks

Re: (Ovid) Re: Re: Lesson Four, Part 2 of online CGI course

by thraxil (Prior)

on Jan 07, 2002 at 10:34 UTC ( [id://136790]=note: print w/replies, xml )

Need Help??

in reply to (Ovid) Re: Re: Lesson Four, Part 2 of online CGI course
in thread Lesson Four, Part 2 of online CGI course

if the salt were secret, how would you ever check the user's password?

the salt exists to keep dictionary attacks from being ridiculously efficient. imagine if there were no salt in the unix crypt scheme. i could calculate the hash of every word in the dictionary ahead of time and then simply compare that one list against every /etc/passwd i come across. if i were good, i could probably even remember the hash of a few of the more common passwords and be able to get an account here and there just by glancing at the passwd file. the salt just makes it so i have to run crypt on every word in the dictionary for each password i encounter because it has a different salt. no matter what i've always got to do some work.

anders pearson

Comment on Re: (Ovid) Re: Re: Lesson Four, Part 2 of online CGI course

In Section Meditations

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://136790]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others imbibing at the Monastery: (4)

As of 2025-04-29 23:59 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

No recent polls found

Notices^?

	• erzuuli	‥ Anonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.