|
SoCoder -> Link Home -> Dev-News |
|
|
|
|
HoboBen
|
Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemeshttps://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html |
|
|
|
Comments |
|
| Monday, 23 August 2010, 17:16 | |
JL235
|
Another nice article. I'm going to use the randomly generated salt on a site I'm currently building. I've heard about the time thing before, adding slowdown code to your password checks so it takes longer for the attacker to crack your system. But what makes this worse is that if you don't deliberately slow down your hashing code then the attacker can predict which hashing function your using and use this as a basis to attack you better. |
| Monday, 23 August 2010, 17:23 | |
HoboBen
|
Hmm. And not just artificial slow downs, you want the slow down to be integral to the hashing algorithm (either by design (e.g. blowfish) or by repeating the hash) I can't remember the second article I found, but since you can incrementally hash with some algos, a salt isn't enough. Instead, hash the password/message, *then* add the salt, then hash twice more. This is done not so much to protect passwords but to protect messages that have hash signatures. |
|
| |||
|
| ||||
Undock Sidebar
Log in
Register
Recent Uploads
spinal
angry dialog 01 test
spinal
angry dialog 01 test
spinal
glasses test
steve_ancell
IMG 202404 ... 104348 349
cyangames
snaphappy
Pakz
IMG 3178Spritegen
Pakz
IMG 0460Userint
spinal
nerdly error 1
spinal
blitz3d error array
Pakz
pixelArtPoster26x6
Log in
Register
Recent Uploads
spinal
angry dialog 01 test
spinal
angry dialog 01 test
spinal
glasses test
steve_ancell
IMG 202404 ... 104348 349
cyangames
snaphappy
Pakz
IMG 3178Spritegen
Pakz
IMG 0460Userint
spinal
nerdly error 1
spinal
blitz3d error array
Pakz
pixelArtPoster26x6