Let’s take a quick step back before talking about what’s wrong with the hashing algorithms of today. Worst of all, it’s leaving our hashed passwords vulnerable to the point that many existing accepted practices make salting and hashing next to useless.
#Remembear salted hash manual
Of course Moore’s law in itself is not new, it’s just that it has been effected on computer processing power to the point that what was once a very computationally high bar – the manual computing of vast numbers of hashes – is now rapidly becoming a very low bar. Suddenly, those nice tables of hashes for passwords of common structure became useless because the salted hash was entirely uncommon.īut now there’s an all new threat which has turned the tables on the salted hash – Moore’s law. Adding random bytes to the password before it was hashed introduced unpredictability which was the kryptonite to the rainbow table’s use of pre-computed hashes. So we started seasoning our passwords with salt. Suddenly, huge collections of passwords could be hashed and stored in these colourful little tables then compared to existing hashed passwords (often breached from other people’s databases) at an amazing rate of knots thus disclosing the original plain text version. Then along came those pesky rainbow tables. The one-directional nature of the hash meant that once passed through a hashing algorithm the stored password could only be validated by hashing another password (usually provided at logon) and comparing them.
In the beginning, there was password hashing and all was good.
0 kommentar(er)
