[ale] unsalted hashes of 6 million linkedin passwords published on the internet
Tim Watts
tim at cliftonfarm.org
Fri Jun 8 08:54:39 EDT 2012
Thanks for this, Mike. Great lesson as usual!
On Thu, 2012-06-07 at 22:56 -0400, Michael H. Warfield wrote:
RE Salts:
> So it prevents some optimization in brute forcing
> large tables of passwords (like the Linkedin dump).
I guess I don't quite see this. If the salt is invariably stored with
the hash this sounds a bit like claiming base64 is a form of encryption.
The only way I can make sense of this is if the encoding of or
association between the salt and hash is somehow a system secret. Or if
you don't know the hashes are salted. Am I missing something?
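Added example, not part of the original message or thread: a Python sketch of the optimization the quoted text refers to, counting the hash computations needed to test a candidate list against an unsalted table versus a table whose salts are stored in the clear beside each hash. The account names, passwords, candidate list, 16-byte salt length, function names and the choice of SHA-1 are all assumptions constructed for illustration.

```python
import hashlib
import os

# Constructed sample data: five accounts, two sharing a password.
ACCOUNTS = {"alice": "linkedin1", "bob": "password", "carol": "linkedin1",
            "dave": "letmein", "erin": "Tr0ub4dor&3"}
# Constructed candidate list to test the stored hashes against.
CANDIDATES = ["123456", "password", "linkedin1", "letmein", "qwerty"]

def digest(data: bytes) -> str:
    # SHA-1 is an assumption for this sketch; the effect is the same for any hash.
    return hashlib.sha1(data).hexdigest()

def store_unsalted(accounts):
    return {user: digest(pw.encode()) for user, pw in accounts.items()}

def store_salted(accounts):
    # The random salt is kept in the clear beside the hash; it is not a secret.
    table = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        table[user] = (salt, digest(salt + pw.encode()))
    return table

def check_unsalted(table, candidates):
    # Each candidate is hashed once and compared against every account at once.
    by_hash = {}
    for user, h in table.items():
        by_hash.setdefault(h, set()).add(user)
    work, matched = 0, set()
    for cand in candidates:
        work += 1
        matched |= by_hash.get(digest(cand.encode()), set())
    return work, matched

def check_salted(table, candidates):
    # Each candidate must be re-hashed with every account's own salt.
    work, matched = 0, set()
    for user, (salt, h) in table.items():
        for cand in candidates:
            work += 1
            if digest(salt + cand.encode()) == h:
                matched.add(user)
    return work, matched

if __name__ == "__main__":
    print("unsalted:", check_unsalted(store_unsalted(ACCOUNTS), CANDIDATES))
    print("salted:  ", check_salted(store_salted(ACCOUNTS), CANDIDATES))
```

With salts, the work grows from one hash per candidate to one hash per candidate per account, and identical passwords no longer produce identical stored values. A known salt does not add any work to testing candidates against a single account.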