Old 03-12-2025, 11:55 AM   #2653
ratinox
Quote:
Originally Posted by jbjb
But you'd need one of those tables for each possible value of the salt. For a 256 bit salt, you'd need 2^256 tables of 700GB each - more bits of storage than there are atoms in the universe.

Not exactly "trivial".
An attacker only needs to identify the salt algorithm once and there are ways to simplify this. One way is for an attacker to pre-seed the database with a "trojan" account of their own making, enabling a known plaintext attack against that hashed entry. Once they identify how the salts are generated they can use this to generate custom tables, which is orders of magnitude faster than brute force and doesn't require infinite storage.

It's all relative. You might not call it trivial, but I don't call it difficult. Getting the database ostensibly is the most difficult step. Once an attacker has that then it's just a matter of time until it's cracked.
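The per-salt table cost raised in this exchange, as an added example that is not part of either post: it stores passwords with PBKDF2-HMAC-SHA256 and shows that a table precomputed under one salt matches no record stored under another. It assumes each record gets its own random 16-byte salt from `os.urandom`; the function names, iteration count and word list are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example
WORDLIST = ["password", "letmein", "hunter2", "correct horse"]  # constructed sample


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random 16-byte salt is drawn per record."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def build_table(salt):
    """Precompute digest -> candidate for one specific salt value."""
    return {hash_password(word, salt)[1]: word for word in WORDLIST}


def table_hits(table, records):
    """Count stored records whose digest appears in a precomputed table."""
    return sum(1 for _salt, digest in records if digest in table)


def demo():
    # Two accounts with the same password get unrelated stored records.
    alice = hash_password("hunter2")
    bob = hash_password("hunter2")
    # A table built under Alice's salt matches only Alice's record.
    table = build_table(alice[0])
    return alice, bob, table_hits(table, [alice]), table_hits(table, [bob])


if __name__ == "__main__":
    alice, bob, hits_alice, hits_bob = demo()
    print("same password, same digest?", alice[1] == bob[1])
    print("table hits under own salt:", hits_alice, "under other salt:", hits_bob)
```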