Security Basics
Hashing passwords Jun 11 2012 05:33PM haZard0us (hazard0us pt gmail com) (3 replies)
Re: Hashing passwords Jun 11 2012 05:55PM Ansgar Wiechers (bugtraq planetcobalt net) (2 replies)
Re: Hashing passwords Jun 11 2012 06:32PM Rory Browne (rbmlist gmail com) (1 replies)
RE: Hashing passwords Jun 12 2012 01:54PM Liam Randall (Liam Randall gigaco com) (1 replies)
Re: Hashing passwords Jun 12 2012 05:39PM martin mngoma gmail com (1 replies)
Re: Hashing passwords Jun 12 2012 06:30PM Kai Wirt (u-turn1 gmx de) (2 replies)
Re: Hashing passwords Jun 12 2012 11:07PM Kurt Buff (kurt buff gmail com) (2 replies)
> On 2012-06-11 haZard0us wrote:
> > This may well be a silly question but, with this recent hashed
> > password leakage, I want to ask something about properly hashing.
> >
> > The "manuals" say that we should create a salt and then hash it. But,
> > since calculating a hash is a "relatively simple" operation (in terms
> > of processing power), is hashing the password two or three times (hash
> > over hash) a "kind of" secure method, or is it as weak as not using
> > salt at all?
> >
> > It can still be cracked but...
>
> Yes, it can still be cracked. However, salting passwords defeats the
> advantages gained from using rainbow tables, so cracking the password
> will still take a significantly longer time than it would for an
> unsalted password.
>
> Regards
> Ansgar Wiechers

Regarding the question about hash over hash: as this increases the time
required to test a password, it is used to make brute-force attacks more
expensive.

Regards
Kai
--
"They that give up essential liberties to obtain a little temporary safety deserve neither liberty nor safety."
Benjamin Franklin
PGP Fingerprint: 8416 F8F7 4E84 0500 351B 435D 8A2D 5545 3D36 FD29
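
Added example, not part of the original thread: the two points discussed above (a per-password salt defeats precomputed tables, repeated hashing raises the cost of each guess) shown together in Python. It uses PBKDF2-HMAC-SHA256 from the standard library, a standardized iterated construction, in place of the ad hoc "hash over hash" the question describes; the iteration count, the `iterations$salt$hash` record format and the sample passwords are assumptions made for this example.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'iterations$salt_hex$hash_hex' using a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        iter_s, salt_hex, hash_hex = stored.split("$")
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record
    if iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def seconds_per_guess(iterations: int, rounds: int = 3) -> float:
    """Average wall-clock time for one password guess at a given iteration count."""
    salt = b"\x00" * SALT_BYTES  # constructed fixed salt, used for timing only
    start = time.perf_counter()
    for _ in range(rounds):
        hashlib.pbkdf2_hmac("sha256", b"guess", salt, iterations)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    a = hash_password("correct horse")  # constructed sample password
    b = hash_password("correct horse")
    print("same password, different records:", a != b)
    print("verify correct:", verify_password("correct horse", a))
    print("verify wrong:  ", verify_password("wrong", a))
    for n in (1, 1_000, 100_000):
        print(f"{n:>7} iterations: {seconds_per_guess(n) * 1e3:.3f} ms per guess")
```

The timing loop shows why iteration helps: the legitimate server pays the cost once per login, while an attacker pays it for every candidate password against every salt.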