This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author loewis
Recipients arigo, christian.heimes, fijall, hynek, loewis, ncoghlan, pitrou
Date 2012-06-15.08:18:50
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <4FDAEFE7.9090207@v.loewis.de>
In-reply-to <CAK5idxSa8Xw_qDqmBTVhOkQMxoCjuqv=u6eznCVndQkTLnqtfg@mail.gmail.com>
Content
> Martin, you fail to understand how this works. You don't do 2**32 tries to
> leak the 4 charaters, you need 4 * 256, that's why this attack is so bad,
> because the time needed for the next character is brute force, but then you
> can move on to the next one.

How so? Assume we have a hashed password, and assume we have somehow
guessed the first three bytes. How can I then find out the fourth byte
in only 256 tries?

I would have to generate passwords whose *hash* matches in the first
three bytes. This is not feasible, for any hash function that is worth
its salt.
History
Date User Action Args
2012-06-15 08:18:51loewissetrecipients: + loewis, arigo, ncoghlan, pitrou, christian.heimes, fijall, hynek
2012-06-15 08:18:50loewislinkissue15061 messages
2012-06-15 08:18:50loewiscreate