Security Basics mailing list archives
Re: Hashing passwords
From: Kai Wirt <u-turn1 () gmx de>
Date: Mon, 11 Jun 2012 21:11:39 +0200
On Mon, Jun 11, 2012 at 07:55:34PM +0200, Ansgar Wiechers wrote:
On 2012-06-11 haZard0us wrote:This may well be a silly question but, with this recent hashed password leakage, I want to ask something about properly hashing. The "manuals" say that we should create a salt and then hash it. But, since calculating an hash is a "relative simple" operation (in matter of processing power), is hashing two or three times the password (hash over hash) a "kind of" secure method or it is as weak as not using salt at all? It can still be cracked but...Yes, it can still be cracked. However, salting passwords defeats the advantages gained from using rainbow tables, so cracking the password will still take a significantly longer time than it would for an unsalted password. Regards Ansgar Wiechers
To the question with hash over hash: As this increases the time required to test a password this is used to make brute-force attacks more expensive. Regards Kai -- "They that give up essential liberties to obtain a little temporary safety deserve neither liberty nor safety." Bemjamin Franklin PGP Fingerprint: 8416 F8F7 4E84 0500 351B 435D 8A2D 5545 3D36 FD29
Attachment:
_bin
Description:
Current thread:
- Re: Hashing passwords, (continued)
- Re: Hashing passwords Rory Browne (Jun 11)
- RE: Hashing passwords Liam Randall (Jun 12)
- Re: Hashing passwords martin . mngoma (Jun 12)
- Re: Hashing passwords Kai Wirt (Jun 12)
- Re: Hashing passwords Kurt Buff (Jun 12)
- Re: Hashing passwords Ansgar Wiechers (Jun 13)
- Re: Hashing passwords Kurt Buff (Jun 13)
- Re: Hashing passwords Alexander Klimov (Jun 13)
- Re: Hashing passwords Rory Browne (Jun 11)
- RE: Hashing passwords Mikhail A. Utin (Jun 13)
- Re: Hashing passwords Kai Wirt (Jun 13)
- Re: Hashing passwords gold flake (Jun 12)
- Re: Hashing passwords Kai Wirt (Jun 12)
- Message not available
- Re: Hashing passwords Jennifer Wachter (Jun 12)
- RE: Hashing passwords Dave Kleiman (Jun 12)