Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
Rainbow tables are hash-realpassword pairs and can be very fast in telling you the password given the hashed-password

Yes - I get that salting helps from attack using a rainbow table.

But passwords are typically rather short so not too difficult to crack by brute force. Assuming the password is made up only of upper case, lower case letters and numbers then there are only (!) 218,340,105,584,896 permutations. That is 628. Whilst that's a lots of permutations, I read recently that 2011 technology could run through all those in 23 minutes. Imagine what 2021 technology can do and there is no need to go through them all. You stop when you get it right!

So, to take a simple example - let's say the hashed password was 1234abcdxxyyzz. Without salting you assume a minimum length of 3 characters so start at aaa then aab, aac, etc. If instead you have salts stored in the same table as the hashed password you just add the salt to the end and try the permutations. So instead of aaa you try aaaSaLT123, aabSaLT123, etc. until you get the result 1234abcdxxyyzz.

Or am I missing something? Is that not how it works?

In reply to Re^3: Replacing crypt() for password login via a digest - looking for stronger alternative by Bod
in thread Replacing crypt() for password login via a digest - looking for stronger alternative by davebaker

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or or How to display code and escape characters are good places to start.
Log In?

What's my password?
Create A New User
Domain Nodelet?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (5)
As of 2021-10-21 19:17 GMT
Find Nodes?
    Voting Booth?
    My first memorable Perl project was:

    Results (83 votes). Check out past polls.