[ale] unsalted hashes of 6 million linkedin passwords published on the internet

Tim Watts tim at cliftonfarm.org
Fri Jun 8 10:11:22 EDT 2012


On Fri, 2012-06-08 at 09:16 -0400, Stephen Haywood wrote:
> > I guess I don't quite see this.  If the salt is invariably stored with
> > the hash this sounds a bit like claiming base64 is a form of encryption.
> > The only way I can make sense of this is if the encoding of or
> > association between the salt and hash is somehow a system secret.  Or if
> > you don't know the hashes are salted.  Am I missing something?
> >
> 
> If the passwords were salted then I wouldn't be able to hash the
> password "password" and test it against all 6.5 million hashes. I
> would have to hash the word "password" with the salt and test it
> against the first hash. Then I would have to hash the word "password"
> with the next salt and test it against the next hash. This
> exponentially increases the work necessary to crack the 6.5 million
> passwords. If someone were targeting a single password then it would
> make no difference.
> 
> 
Got it. Thanks!
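
The per-hash cost Stephen describes, as an added example that is not part of the original thread: it counts hash computations when a small constructed password store is audited against a list of known-weak candidates, with and without salts. SHA-1, the 16-byte salt, and every name and sample password below are assumptions made for the illustration.

```python
import hashlib
import os

# Constructed sample data: five accounts, two sharing a password.
PASSWORDS = ["password", "password", "letmein", "Tr0ub4dor&3", "correct horse"]
CANDIDATES = ["password", "letmein", "123456"]   # known-weak list to audit against

def digest(data: bytes) -> str:
    # SHA-1 is an assumption; the thread does not name the hash function.
    return hashlib.sha1(data).hexdigest()

def store_unsalted(passwords):
    return [digest(p.encode()) for p in passwords]

def store_salted(passwords):
    # Each record keeps its own random salt next to the hash, in the clear.
    records = []
    for p in passwords:
        salt = os.urandom(16)
        records.append((salt, digest(salt + p.encode())))
    return records

def audit_unsalted(stored, candidates):
    """Return (rows matched, hash computations): one hash per candidate."""
    work, wanted = 0, set()
    for c in candidates:
        wanted.add(digest(c.encode()))
        work += 1
    hits = sum(1 for d in stored if d in wanted)  # lookups only, no hashing
    return hits, work

def audit_salted(stored, candidates):
    """Return (rows matched, hash computations): each row needs its own hashes."""
    hits = work = 0
    for salt, d in stored:
        for c in candidates:
            work += 1
            if digest(salt + c.encode()) == d:
                hits += 1
                break
    return hits, work

UNSALTED = store_unsalted(PASSWORDS)
SALTED = store_salted(PASSWORDS)

if __name__ == "__main__":
    print("unsalted (hits, hashes):", audit_unsalted(UNSALTED, CANDIDATES))
    print("salted   (hits, hashes):", audit_salted(SALTED, CANDIDATES))
    print("distinct digests:", len(set(UNSALTED)), "vs", len({d for _, d in SALTED}))
```

Auditing a single record costs the same number of hashes in both stores, which matches the point that salting makes no difference when one password is targeted.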
