Again, you haven't taken the time to understand what I have said. What you've been complaining about is only valid if you use the same salt for every password.
Having a salt be a function of the password is not the same thing as having the same salt for every password. On Jul 31, 12:31 am, Jonathan Lundell <jlund...@pobox.com> wrote: > On Jul 31, 2009, at 12:16 AM, Bottiger wrote: > > > > >> If the attacker knows (by reading the web2py source) that you're, > >> say, > >> concatenating the base password three times, then he knows that you > >> haven't increased the password space by even one entry: there's a 1:1 > >> mapping between base passwords and transformed passwords. > > > So far you have kept on ignoring the gist of the problem. If the > > attacker has access to the salt, it doesn't matter whether or not you > > know the relationship between the password and the salt because you > > already know the salt. The attacker could not care less about whether > > you used a random number generator or a function related to the > > password. > > >> If the attacker knows (by reading the web2py source) that you're, > >> say, > >> concatenating the base password three times, then he knows that you > >> haven't increased the password space by even one entry: there's a 1:1 > >> mapping between base passwords and transformed passwords. > > > Can you please actually take some time to understand my previous > > comments? You could use a random 10000000000 byte salt, and it > > wouldn't increase your password space for that password. All the > > attacker needs to do is this: > > > for candidate in permutations(alphanumeric_and_symbols): > > if md5(candidate+salt) == hash: return candidate > > > This is the same brute force method that would be used when you have a > > completely random salt or a salt based on the password itself. Again I > > repeat, the attacker could not care less about whether you used a > > random number generator or a function related to the password. > > The difference is that with a deterministic transform of the password > (this includes static salt, or salt that's a function of the base > password), the attacker performs your loop once and solves every > password in his list. And the loop result can be precomputed into a > rainbow table. > > With random salt, the attacker must perform the loop (and it's a long > loop) once for every hash he wants to attack. And the loop result > cannot (practically) be precomputed. > > OK? Deterministic transform means that one pass through the loop, > precomputed, breaks all passwords in the permutation dictionary. > > Random salt means that one pass through the loop breaks *one* password > *if* it's in the permutation dictionary. And it can't be precomputed. > > Again, it's no substitute for a strong password. But it helps. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---