|
|
|
|
|
|
by phaemon
5023 days ago
|
|
|
>testing passwords against multiple hashes (at the price of one) is impossible That's defending against a newly generated rainbow table. > And it is not possible to see if different entries shares a same password (or to see if they have a different password). That's repeating the first point with different words! It's defending against a pre-generated table. i.e. a rainbow table. Timing attacks are not mitigated by salts; they're mitigated by the design of the encryption. You should not rely on salts for this. In fact, if your hash is exposed you should assume your salt is also exposed. What do salts guard against other than rainbow tables? |
|
|
You lost me here. Anyway, the attacker does not need a rainbow table at all to attack against multiple hashes at the price of one.
> That's repeating the first point with different words! It's defending against a pre-generated table. i.e. a rainbow table.
Again, no rainbow tables at all are needed to see if different entries shares a password or not.
About timing attacks, see my earlier comment in this comment chain.
> You should not rely on salts for this. In fact, if your hash is exposed you should assume your salt is also exposed.
I see and agree with your point about "relying on salts", but salts just happens to (as a side-effect probably) mitigate the attack. Remember, your salts are not exposed "as-is" if the attacker manages to fetch the password hash using timing.