Message162871
> Martin, you fail to understand how this works. You don't do 2**32 tries to
> leak the 4 charaters, you need 4 * 256, that's why this attack is so bad,
> because the time needed for the next character is brute force, but then you
> can move on to the next one.
How so? Assume we have a hashed password, and assume we have somehow
guessed the first three bytes. How can I then find out the fourth byte
in only 256 tries?
I would have to generate passwords whose *hash* matches in the first
three bytes. This is not feasible, for any hash function that is worth
its salt. |
|
Date |
User |
Action |
Args |
2012-06-15 08:18:51 | loewis | set | recipients:
+ loewis, arigo, ncoghlan, pitrou, christian.heimes, fijall, hynek |
2012-06-15 08:18:50 | loewis | link | issue15061 messages |
2012-06-15 08:18:50 | loewis | create | |
|