OT: Salted Hashes and dictionary attacks

Sascha Kiefer
Hi.

Am I right:

We calculate the salted hash d of the password p and the salt s using the
hash-function H like this:

d = H( p + s ) + s

This will have the effect that d != H( p + s' ) + s' (only if s != s') but
will not protect us against a dictionary attack
since we can easily precompute H( w_i ) where w_i is the ith word of our
dictionary and then just have to validate d == H( H( w_i ) + s ) !?!

Thanks.
--sk


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
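
Added example, not part of the original post: the scheme d = H( p + s ) + s checked against a table of H( w_i ) built before the salt is known, and against per-salt recomputation of H( w_i + s ), with a PBKDF2 variant that raises the cost of each guess. SHA-256 as H, the 16-byte salt, the 600,000 iteration default, the word list and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

SALT_LEN = 16  # assumption: 16-byte salt; the post does not fix a length


def H(data: bytes) -> bytes:
    # Assumption: H is SHA-256; the post leaves the hash function open.
    return hashlib.sha256(data).digest()


def salted_hash(p: bytes, s: bytes) -> bytes:
    """The post's scheme: d = H(p + s) + s."""
    return H(p + s) + s


def split(d: bytes):
    """Separate the digest part of d from the appended salt."""
    return d[:-SALT_LEN], d[-SALT_LEN:]


def precomputed_hits(table: dict, d: bytes) -> list:
    """Words whose salt-independent H(w_i) matches d, directly or as H(H(w_i) + s)."""
    digest, s = split(d)
    return [w for w, hw in table.items()
            if hmac.compare_digest(hw, digest)
            or hmac.compare_digest(H(hw + s), digest)]


def per_salt_hits(words: list, d: bytes) -> list:
    """Words matching d when H(w_i + s) is recomputed with this record's salt."""
    digest, s = split(d)
    return [w for w in words if hmac.compare_digest(H(w + s), digest)]


def stretched_hash(p: bytes, s: bytes, iterations: int = 600_000) -> bytes:
    """Hardened form: PBKDF2-HMAC-SHA256, so each guess costs `iterations` HMAC calls."""
    return hashlib.pbkdf2_hmac("sha256", p, s, iterations) + s


# Constructed sample data: a small word list and two fixed salts.
WORDS = [b"letmein", b"password", b"dragon"]
TABLE = {w: H(w) for w in WORDS}  # built once, before any salt is known
S1, S2 = bytes(range(16)), bytes(range(16, 32))
D1, D2 = salted_hash(b"dragon", S1), salted_hash(b"dragon", S2)

if __name__ == "__main__":
    print("same password, different salts differ:", D1 != D2)
    print("precomputed table hits:", precomputed_hits(TABLE, D1))
    print("per-salt recomputation hits:", per_salt_hits(WORDS, D1))
```

The table of H( w_i ) yields no match because the salt is an input to the hash, so the work has to be repeated per salt; that work is still only one hash per word, which is the cost `stretched_hash` multiplies.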