Re: OT: password encryption (salt theory)

From: "David F(dot) Skoll" <dfs(at)roaringpenguin(dot)com>
To: Tim Ellis <Tim(dot)Ellis(at)gamet(dot)com>
Cc: fstefan(at)cable(dot)vol(dot)at, <pgsql-admin(at)postgresql(dot)org>
Subject: Re: OT: password encryption (salt theory)
Date: 2002-08-22 02:19:17
Message-ID: Pine.LNX.4.44.0208212215480.31571-100000@shishi.roaringpenguin.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On Wed, 21 Aug 2002, Tim Ellis wrote:

> Of course. I argue everything does.

Ah, here's what I meant by a dictionary attack:

You precompute (offline) encrypted versions of your dictionary. This
can be very slow; doesn't matter. You just burn a CD or DVD with a
database mapping encrypted -> cleartext.

It's this precomputation attack which a salt thwarts. A salt makes
it impractical to build up a dictionary of encrypted -> cleartext
mappings, because a given cleartext has millions of encrypted
equivalents.

> No matter how you obfuscate it, unless you can somehow turn it into a
> O(x^n) problem, you're prone to dictionary attacks.

A dictionary attack as I understood it means the kind of precomputed
encrypted-to-cleartext lookup table I described above. If you do your
mapping offline, you have the luxury of using an enormous set of
possible passwords with no computational penalty when you actually
carry out the attack.

--
David.

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Mark Stosberg 2002-08-22 02:20:54 Re: Event recurrence - in database or in application code ????
Previous Message Bruce Momjian 2002-08-22 02:12:57 Re: password encryption