rolleyes posted:
I'm confused by it tbh. Unless I'm missing something, under normal circumstances salting a hash shouldn't prevent you from comparing hashed values (especially for the same user) because you'd normally use the same salt value for that user all of the time. As I understand it, the point of a salt isn't to make passwords hard to compare within your own database or organisation, it's to protect against rainbow table attacks if your database is compromised externally.

They're saying if 15 different people used the same password they'd want to ban it, but they salt, and that's different for each user, so it's a no go. The goal is to eliminate any kind of top 10 password list or at least limit it to only 14 instances of "password1" or "adobeadobe".
Nov 26, 2013 22:59
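The behaviour discussed in the post above, as an added example that is not part of the thread: with a random salt per user, one user's login check still works, but stored digests can no longer be grouped to count how many accounts share a password. The user names, the PBKDF2 parameters and the sample passwords are constructed for the illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 10_000  # constructed, kept low so the demo runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(users: dict) -> dict:
    """Map each user name to (salt, digest) using a fresh random salt per user."""
    db = {}
    for name, password in users.items():
        salt = os.urandom(16)
        db[name] = (salt, hash_password(password, salt))
    return db


def verify(db: dict, name: str, candidate: str) -> bool:
    """Same-user comparison: re-hash the candidate with that user's stored salt."""
    salt, digest = db[name]
    return hmac.compare_digest(digest, hash_password(candidate, salt))


def largest_duplicate_group(digests) -> int:
    """Size of the biggest set of accounts whose stored digests are identical."""
    return max(Counter(digests).values())


def demo():
    # Constructed sample: 15 accounts share "password1", one account does not.
    users = {f"user{i}": "password1" for i in range(15)}
    users["alice"] = "correct horse"
    salted = enroll(users)
    salted_dupes = largest_duplicate_group(d for _, d in salted.values())
    # Unsalted digests, shown only for comparison: equal passwords collide.
    unsalted_dupes = largest_duplicate_group(
        hashlib.sha256(p.encode()).digest() for p in users.values()
    )
    return salted, salted_dupes, unsalted_dupes


if __name__ == "__main__":
    db, salted_dupes, unsalted_dupes = demo()
    print("largest group, per-user salt:", salted_dupes)
    print("largest group, no salt:", unsalted_dupes)
    print("user3 login with password1:", verify(db, "user3", "password1"))
```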
Apr 27, 2024 23:46