[38535] in bugtraq
Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords
daemon@ATHENA.MIT.EDU (Jim Knoble)
Fri Apr 22 14:18:32 2005
Date: Thu, 21 Apr 2005 17:14:35 -0400
From: Jim Knoble <jmknoble@pobox.com>
To: bugtraq@securityfocus.com
Message-ID: <20050421211435.GU24966@crawfish.ais.com>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <00ed01c546a7$e067d0f0$021f10ac@bitchin>
Circa 2005-04-21 dixit Mike Fratto:
:
: > I thought the idea of the salt was to aid in expanding the
: > keyspace. Even though the salt is known (in traditional Unix
: > passwd/shadow/master.passwd databases,
:
: I am pretty sure the intent the salt is to make pre-computation of a
: dictionaries infeasable due to storage requirements. It doesn't really add
: to the keyspace because the salt is known and doesn't have to be guessed.
... which is exactly what i was speaking of. The salt increases the
keyspace for the precomputed table of password hashes. The conversation
was not about brute force attacks....
--
jim knoble | jmknoble@pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 809F:09B9:9686:D035:4AB0::9455:124B:0A62:DD6A:76D6)
.....................................................................
:"The methods now being used to merchandise the political candidate :
: as though he were a deodorant positively guarantee the electorate :
: against ever hearing the truth about anything." --Aldous Huxley :
:...................................................................:
