>If the attacker knows (by reading the web2py source) that you're, say, >concatenating the base password three times, then he knows that you >haven't increased the password space by even one entry: there's a 1:1 >mapping between base passwords and transformed passwords.
So far you have kept on ignoring the gist of the problem. If the attacker has access to the salt, it doesn't matter whether or not you know the relationship between the password and the salt because you already know the salt. The attacker could not care less about whether you used a random number generator or a function related to the password. > If the attacker knows (by reading the web2py source) that you're, say, > concatenating the base password three times, then he knows that you > haven't increased the password space by even one entry: there's a 1:1 > mapping between base passwords and transformed passwords. Can you please actually take some time to understand my previous comments? You could use a random 10000000000 byte salt, and it wouldn't increase your password space for that password. All the attacker needs to do is this: for candidate in permutations(alphanumeric_and_symbols): if md5(candidate+salt) == hash: return candidate This is the same brute force method that would be used when you have a completely random salt or a salt based on the password itself. Again I repeat, the attacker could not care less about whether you used a random number generator or a function related to the password. On Jul 30, 11:52 pm, Jonathan Lundell <jlund...@pobox.com> wrote: > On Jul 30, 2009, at 11:43 PM, Bottiger wrote: > > > > >> Dictionary attacks work for short > >> passwords, but are impractical against longer passwords. A password > >> using letters, numbers and a few special characters carries in excess > >> of 6 bits of information per character. 10 bytes of password plus 10 > >> bytes of random salt gives us 120 bits total, for a dictionary space > >> of 2^120 hashes. > > >> On the other hand, a hash of a > >> single deterministic transform of each password requires one hash per > >> password. > > > This entire argument is wrong because the salt is in plaintext and > > available to the attacker when the DB is compromised. You are not > > increasing the search space when you add a salt in a rainbow hash > > attack because the attacker already knows the salt. If you want to > > make the search space larger, you need to increase the size of the > > password **prior** to hashing, not after it is hashed. > > Better passwords are more secure, yes. > > Making a password bigger by means of a deterministic transform of a > short password is of no help whatsoever (unless you keep the transform > a secret, of course, but nobody is proposing that). > > If the attacker knows (by reading the web2py source) that you're, say, > concatenating the base password three times, then he knows that you > haven't increased the password space by even one entry: there's a 1:1 > mapping between base passwords and transformed passwords. > > That's the problem. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---