Quote:
Originally Posted by jbjb
But you'd need one of those tables for each possible value of the salt. For a 256-bit salt, you'd need 2^256 tables of 700GB each - more bits of storage than there are atoms in the universe.
Not exactly "trivial".
An attacker only needs to identify the salt algorithm once and there are ways to simplify this. One way is for an attacker to pre-seed the database with a "trojan" account of their own making, enabling a known plaintext attack against that hashed entry. Once they identify how the salts are generated they can use this to generate custom tables, which is orders of magnitude faster than brute force and doesn't require infinite storage.
It's all relative. You might not call it trivial, but I don't call it difficult. Getting the database ostensibly is the most difficult step. Once an attacker has that then it's just a matter of time until it's cracked.
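
Added example, not part of either post: a Python sketch of the per-salt table point from the quote, comparing a fresh random 256-bit salt per account with one salt reused across accounts. The account names, candidate list, iteration count and helper names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this sketch

def hash_password(password, salt=None):
    """Return (salt, digest); draws a fresh 256-bit CSPRNG salt when none is given."""
    if salt is None:
        salt = os.urandom(32)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute under the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

def build_table(salt, candidates):
    """Precomputed digest -> password lookup; valid only for this one salt."""
    return {hash_password(p, salt)[1]: p for p in candidates}

def table_hits(table, records):
    """Accounts whose stored digest appears in the precomputed table."""
    return sorted(u for u, (_, digest) in records.items() if digest in table)

def compare_salting(candidates, passwords):
    """Build one table per scheme and list which accounts it matches."""
    users = sorted(passwords)
    per_user = {u: hash_password(passwords[u]) for u in users}
    shared = os.urandom(32)
    reused = {u: hash_password(passwords[u], shared) for u in users}
    # Table computed under the first account's salt only.
    hits_random = table_hits(build_table(per_user[users[0]][0], candidates), per_user)
    hits_reused = table_hits(build_table(shared, candidates), reused)
    return hits_random, hits_reused

# Constructed sample data: two accounts that happen to share a password.
SAMPLE_PASSWORDS = {"alice": "hunter2", "bob": "hunter2"}
SAMPLE_CANDIDATES = ["letmein", "hunter2", "password1"]

if __name__ == "__main__":
    random_hits, reused_hits = compare_salting(SAMPLE_CANDIDATES, SAMPLE_PASSWORDS)
    print("per-account random salts:", random_hits)
    print("one salt reused:", reused_hits)
```

With per-account random salts the table computed for one account matches only that account, even though both accounts share a password; with a reused salt the same table matches both.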