I read this article on how hashing should be properly used which also recommends using salt among other methods and as far as I understand one of the main reasons for hashing a password with salt is that if someone obtains access to the database then it'll be hard to convert hashed password to real password.

But how does one get access to hashed+salted password in the first place? If they get access to the whole database then they can easily remove the salt from the hashed password (by removing fixed size string from the beginning of the hashed password) and then we get back to point zero where the hacker can use the obtained value to perform lookup via lookup tables.

Also most of the reputable websites who care about security will place a limit on how many times you can enter credentials so I don't understand how one could use brute force algorithm to crack someone's password.

After playing around with bcrypt I see that the database stores the salt and the hashed password is prepended with the salt.

> But how does one get access to hashed+salted password in the first place?

As you figured out, attackers usually get access to the hashes and the corresponding salts (and other required parameters) by obtaining the corresponding database table.

> They can easily remove the salt from the hashed password

Technically yes, you can take the string that is the entry and just strip off the salt. But this won't get you anywhere and will in fact only make your life harder. It looks like you need some intuition on what salts are to understand why.

> Also most of the reputable websites who care about security will place a limit on how many times you can enter credentials so I don't understand how one could use brute force algorithm to crack someone's password.

Yes, this is indeed the case and good practice to prevent online guessing attacks, that is to prevent an attacker from guessing a password just from trying to log in with it. Salting doesn't play a major role in this because rate-limiting should be the constraining factor before salting and expensive hash functions are.