disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of T Biehn
Sent: Tuesday, 11 August 2009 6:51 AM
To: valdis.kletni...@vt.edu
Cc: full-disclosure
Subject: Re: [Full-disclosure] Salted passwords
Valdis,
I don't have control over the set. Sorry I wasn
Thank you for the thoughtful analysis Raid. The hash and salt are both
known to the attacker :)
It looks like I'm going to have to settle with confounding efforts by
the man via increased hash computation cost.
-Travis
On Mon, Aug 10, 2009 at 6:53 PM, wrote:
> -BEGIN PGP SIGNED MESSAGE-
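Added example (not part of any message in this thread, and not code from its participants): for the case the thread describes, a 10-digit field where hash and salt are both known to the attacker, this sketch shows that the salt does not stop enumeration and estimates how a work factor changes the cost of walking the whole set. PBKDF2-HMAC-SHA256, the iteration count, the salt value and the function names are assumptions chosen for illustration.

```python
import hashlib
import time

KEYSPACE = 10**10  # 10-digit decimal field, all-zeros included

def salted_sha256(value, salt):
    """Fast salted hash: one SHA-256 call per guess."""
    return hashlib.sha256(salt + value.encode()).digest()

def stretched(value, salt, iterations):
    """PBKDF2-HMAC-SHA256 (assumed KDF): `iterations` chained HMACs per guess."""
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, iterations)

def recover(target, hash_fn, digits):
    """Walk every value of a `digits`-wide field; return (match, guesses made)."""
    for n in range(10**digits):
        candidate = f"{n:0{digits}d}"
        if hash_fn(candidate) == target:
            return candidate, n + 1
    return None, 10**digits

def seconds_per_guess(hash_fn, samples=50):
    """Measure the average wall-clock cost of one hash on this machine."""
    start = time.perf_counter()
    for n in range(samples):
        hash_fn(f"{n:010d}")
    return (time.perf_counter() - start) / samples

def full_keyspace_days(hash_fn, samples=50):
    """Single-core estimate for hashing all 10**10 candidates once."""
    return seconds_per_guess(hash_fn, samples) * KEYSPACE / 86400

if __name__ == "__main__":
    # Constructed salt; the thread assumes the attacker knows it.
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    fast = lambda v: salted_sha256(v, salt)
    slow = lambda v: stretched(v, salt, 100_000)  # iteration count is an assumption

    # Reduced 4-digit field so the demo finishes at once: a known salt
    # changes nothing about how many guesses are needed.
    print("recovered:", recover(fast("0427"), fast, 4))
    print(f"salted SHA-256: {full_keyspace_days(fast):12.3f} core-days for 10**10")
    print(f"PBKDF2 x100000: {full_keyspace_days(slow, 20):12.3f} core-days for 10**10")
```

The core-day figures are per-core estimates for the machine the script runs on; the legitimate system pays the same per-hash cost on every lookup.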
Travis,
On Mon, 10 Aug 2009 22:50:32 +0200 T Biehn wrote:
>I don't have control over the set. Sorry I wasn't more explicit about
>this. Although, it should have been obvious that the solution needed
>to satisfy the conditions:
>Data to one way hash
Valdis,
I don't have control over the set. Sorry I wasn't more explicit about
this. Although, it should have been obvious that the solution needed
to satisfy the conditions:
Data to one way hash.
The set has 9,999,999,999 members.
Thanks for your input sweetie!
-Travis
On Mon, Aug 10, 2009 at 4:
On Sun, 09 Aug 2009 20:14:57 EDT, T Biehn said:
> Soliciting random suggestions.
> Let's say I have data to one-way-hash.
> The set has 9,999,999,999 members.
Actually, if you're using a 10-digit decimal field, you probably have 10**10
possible members - all-zeros counts too (unless there's *other*
I'm flattered; if you only knew what it was for...
IHBT?
-Travis
On Mon, Aug 10, 2009 at 12:08 PM, wrote:
> AntiSec would like to approach you by telling you to keep your
> whitehat filthy ass off our list, Travis.
>
> Have a nice day sucking off Aitel.
>
> On Sun, 09 Aug 2009 20:14:57 -0400 T Bie
AntiSec would like to approach you by telling you to keep your
whitehat filthy ass off our list, Travis.
Have a nice day sucking off Aitel.
On Sun, 09 Aug 2009 20:14:57 -0400 T Biehn wrote:
>Soliciting random suggestions.
>Let's say I have data to one-way-hash.
>The set has 9,999,999,999 members.
Richard,
The approach I outline in my post is the correct one, that is, making
it computationally expensive to crack. I'm not trying to protect
passwords, think anonymizing account numbers and the like. That is,
the possible combinations are a set that is unacceptably small.
Without an expensive c
Soliciting random suggestions.
Let's say I have data to one-way-hash.
The set has 9,999,999,999 members.
It's relatively easy to brute force this, or create precomp tables.
So you add a salt to each.
Still easy to brute force.
If you were to create it in such a way that the hash could exist
anywhere