Hacker News new | ask | show | jobs
by jedberg 2016 days ago
To an extent, but there are easy ways to cut the search space. For example, you could make a unique request with garbage on it from a known IP every day, and then all you have to do is build a rainbow table for that one IP to find out what the salt is for each day, and then you can fully reconstruct the logs.
2 comments
mattlondon 2016 days ago
If the salt is a random 64bit number (for example) then "finding out" the salt is not trivial.
link
wpietri 2016 days ago
And unless I'm missing something, it seems easy to add plenty of bits to the salt until it's no longer practical to reverse.
link
YetAnotherNick 2016 days ago
@mattlondon: The salt is known to plausible, that is the only way someone can hash it.
link