by TheLoneWolfling 3974 days ago
Except that that still leaves you open to a dictionary attack.

Or rather, it accelerates a dictionary attack from O(sizeof(dictionary)) tries to O(length(hash)) tries.

(Let's suppose you are comparing by hex digits. You try 16 dictionary "words" whose hashes start with 0...f. One of those should take slightly longer. You then try 16 dictionary "words" whose hashes start with the digit found previously with different second digits. (Skip any digits that you don't have a word for.) One of those should take slightly longer... Repeat until found.)

This can be mitigated with a salt - if and only if you manage to prevent the user from figuring out how your salting scheme works.
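The leak the comment describes comes from a comparison that returns at the first differing character, so the work done (and the time taken) grows with the length of the matching prefix. The following added example, which is not part of the thread, instruments such a compare with a step counter standing in for elapsed time, then shows the standard mitigation, a constant-time comparison via `hmac.compare_digest`, whose work does not depend on where the inputs differ. The stored digest and candidate strings are constructed sample values.

```python
import hmac
from typing import Dict, Tuple

# Constructed sample: a stored hex digest and a few candidate digests that
# diverge from it at different positions.
STORED_DIGEST = "3a7f91c2"
CANDIDATES = ["0a7f91c2", "3b7f91c2", "3a7091c2", "3a7f91c2"]


def leaky_equal(a: str, b: str) -> Tuple[bool, int]:
    """Early-exit comparison, the pattern that leaks.

    Returns (equal, steps) where steps counts characters inspected before
    returning. On real hardware that count is what a timing probe observes:
    a longer matching prefix means more steps before the mismatch is found.
    """
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps
    return True, steps


def constant_time_equal(a: str, b: str) -> bool:
    """Hardened comparison: hmac.compare_digest inspects every byte regardless
    of where (or whether) the inputs differ, so the step count is fixed."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def work_profile(stored: str, candidates) -> Dict[str, int]:
    """Map each candidate to the number of steps the leaky compare performs.

    A rising step count across candidates is exactly the signal the comment
    describes; a defender should see a flat profile after switching to
    constant_time_equal.
    """
    return {c: leaky_equal(stored, c)[1] for c in candidates}


if __name__ == "__main__":
    for candidate, steps in work_profile(STORED_DIGEST, CANDIDATES).items():
        print(f"{candidate}: leaky compare did {steps} step(s), "
              f"constant-time result = {constant_time_equal(STORED_DIGEST, candidate)}")
```

Running it prints step counts of 1, 2, 4 and 8 for the four candidates, i.e. the leaky compare reveals how many leading characters matched, while `constant_time_equal` returns the same boolean for each without that dependence. The fix belongs in the comparison itself; it is independent of whether a salt is used.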