Re:Both statements are fine -- salt explained, on SHA-1 Broken · Score: 2, Informative
Oh, yes you're right. I don't know what I was thinking. The purpose of salting is to discourage dictionary attacks, so that would-be attackers cannot compile a list of words and their associated hashes. The randomness of the salt value eliminates anything dictionary-like about the password. Right, there's no reason the salt itself cannot be published; the problem is still equivalent to finding a string ending with a given salt value that hashes to a given hash.
Both statements are fine -- salt explained, on SHA-1 Broken · Score: 4, Informative
Actually, both statements can coexist. In most password systems, the hash of the password itself is not stored; rather, it is a hash of the password concatenated with a string of random characters.
For example, if my password is "foobar", then the server does not store "8843d7f92416211de9ebb963ff4ce28125932878" as the hash, but perhaps the hash of "foobarDKTUHRAOHL" or "19747e26b86ee7939c046c0171a991926f0e01ae". The salt value "DKTUHRAOHL" is stored on the server and never revealed to anyone. So, even if somebody knows the hash value "19747...e01ae", they cannot come up with another string of characters that hashes to the same value, because even if they could, the value they enter in an attempt to hack my account is appended with "DKTUHRAOHL", rendering (almost certainly) a different hash value.
Now, if they know the salt value, the problem becomes equivalent to finding a string ending with "DKTUHRAOHL" that hashes to "19747...e01ae." However, if someone has gained access to a properly secured server's salt values, you have a large problem on your hands indeed.
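The salting scheme discussed in the two comments above, as an added example that is not part of either original post: it runs a precomputed wordlist table against unsalted and salted SHA-1 hashes of the same password, with the salt stored in the clear next to each hash. The wordlist, function names and record layout are assumptions made for the illustration, and SHA-1 is used only to match the comment's "foobar" example; a deployed system would use a slow password-hashing function such as scrypt, bcrypt or Argon2.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a tiny wordlist standing in for a cracking dictionary.
WORDLIST = ["123456", "password", "foobar", "letmein"]


def sha1_hex(data: str) -> str:
    return hashlib.sha1(data.encode()).hexdigest()


def build_table(words):
    """Precomputed unsalted dictionary (hash -> word), built once and reused."""
    return {sha1_hex(w): w for w in words}


def new_record(password: str) -> dict:
    """Per-user random salt, appended to the password as in the comment.
    The salt is stored beside the hash; it does not need to be secret."""
    salt = secrets.token_hex(8)
    return {"salt": salt, "hash": sha1_hex(password + salt)}


def verify(record: dict, attempt: str) -> bool:
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(record["hash"], sha1_hex(attempt + record["salt"]))


def table_hits(table, stored_hashes):
    """Which stored hashes does the precomputed table resolve directly?"""
    return [table[h] for h in stored_hashes if h in table]


def demo() -> dict:
    table = build_table(WORDLIST)
    unsalted = [sha1_hex("foobar"), sha1_hex("foobar")]  # two users, same password
    alice, bob = new_record("foobar"), new_record("foobar")
    return {
        "unsalted_hits": table_hits(table, unsalted),
        "salted_hits": table_hits(table, [alice["hash"], bob["hash"]]),
        "same_hash_for_same_password": alice["hash"] == bob["hash"],
        "login_ok": verify(alice, "foobar"),
        "login_bad": verify(alice, "foobaz"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the salt known, each record still has to be attacked separately by hashing every candidate word with that record's salt, which is why fast hashes like SHA-1 are a poor choice for password storage even when salted.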
So first they charge for UNsecurity tools, and now they want to charge for security tools! Why not let the two cancel each other out and not charge anything at all? Oh wait, wrong OS.
It is pitch black. You are likely to be eaten by a grue.
> what is a grue
The grue is a sinister, lurking presence in the dark places of the earth. Its favorite diet is adventurers, but its insatiable appetite is tempered by its fear of light. No grue has ever been seen by the light of day, and few have survived its fearsome jaws to tell the tale.
I was finishing up a new video card plus NIC upgrade and had them attached to the motherboard while I booted the PC. I thought I was being smart and saving time by not screwing the brackets to the case until this point. I was just getting started with the video card bracket, when the screwdriver slipped and the screw landed on the NIC. There was a big spark and a pop, and the whole system instantly shut down. I powered it back on, and everything was fine.
I've also removed RAM from a running 386. It froze, but both system and RAM were fine afterward.
It probably only seems faster at 5m00s because the road becomes more twisty, and there are suddenly trees on both sides of the road. With more visual cues to reference, the eye believes it's going faster.
Agree with parent. That's like typing 4-character words (with spaces) at a rate of 80 WPM, and a gamer doesn't even have both hands on the keyboard. I mean, I could easily hit ~7 actions per second in an all-out StarCraft attack: 1, rclick, 2, rclick, 3, rclick,... but I wouldn't be able to keep that up for a minute straight.
Skynet begins to learn at a geometric rate. It becomes self-aware at 2:14am Eastern Time....
Yes, that's just plane dumb. <ba-dum>
For comparison purposes, an NVIDIA GeForce 6800 GPU has 222 million transistors.
This is a slightly modified quote from our beloved Office Space.
Welcome to slashdot.
...as was an increase in shootings that occurred indoors.
13th root of 3109483495729034820985093459038095809384834987394
and a few seconds later, I've got a new world record! Amazing! Or. . . .
So, if you looked inside a pico-mandelbrot, would you see more pico-mandelbrots, or femto-mandelbrots? Or would they all look the same?
In space no one can hear you scream.
Yes, it was a questionable deed to deem 'deed' a verb,
indeed, I deem 'deem' more appropriate.
And then between steps 2 and 3, 3 and 4, and 4 and 5.
Next thing you know, there will be organic satellites named Spudnik.
tr/0/o/;
The downtime will be between 1090026000 and 1090036800.
You're forgetting the final step: profit!
I like to think that music is the language which can be spoken by all (in varying degrees of proficiency), but is understood by none.
What about "compassionate capitalist"?