Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] KeePassX



On 07/23/2013 11:16 PM, Bill Horne wrote:
> the hashes allow a "Dictionary attack", where they just run every word 
> in the dictionary through a hash function, and see what matches.

It depends. Unsalted hashes are vulnerable to dictionary attacks with 
rainbow tables.  But the right (non-Microsoft) way to do it is to 
prepend a random salt to every password before hashing it.  Save the 
salt in the clear along with the hash.

When you want to authenticate, take the offered password, prepend the 
salt, hash it, and check against the saved hash.

Now if two different people have "password" as their matching passwords, 
the hashed versions still won't match because the salts will still be 
different.

If the salt (or nonce) is, say, 32-bits, you have just multiplied the 
needed size of the rainbow table by 4-billion.  Use a bigger salt and 
the needed rainbow table can be universes-bigger.


-kb




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org