|
Message-ID: <55C9171F.1040203@gmail.com> Date: Mon, 10 Aug 2015 23:26:55 +0200 From: Marek Wrzosek <marek.wrzosek@...il.com> To: john-users@...ts.openwall.com Subject: Re: Can you help me? I need more valuable papers about time-memory trade-off. W dniu 10.08.2015 o 16:06, Marek Wrzosek pisze: > And about salts... They are the known part of plain-text, very random > and greatly increasing the N in formula of P_success. Why there is an > opinion, repeated many times by many people, that we'll need to make > rainbow table for every possible salt? Why not just adjust chain length > and chain count accordingly? More advanced reduction functions would be > needed because plain-text would be in the form of SALTpassword and there > could be different salt strength (length and charset) and different > password strength. Moore law is working for time-memory trade-off faster > than on time part of it alone. Maybe today rainbow tables are more > useful tool for weaker password-storing schemes than it was in 2003. > Do you know any good papers that will answer above questions? > > Best Regards > PS. I think, that there is possible similar trade-off with salts. Salts are nonces encoded into ASCII string, so every character should be equally probable, but we know how salt looks. If N is a product of N_salt and N_password, then we could lower the N_salt by making several rainbow tables for different classes of salts generated using something similar to mask mode, e.g. ?l?l?l?l, ?s?l?l?l or ?l?s?l?l and so on, avoiding ?a?a?a?a. There will be less rainbow tables than for every possible salt and tables would be smaller than one "perfect" table. Few salts will be missing, but rainbow tables for saltless hashes don't crack all passwords either. Correct me if I'm wrong. If I'm right, these tables would be like glove with razors. John is named after Jack the Ripper, so maybe john's younger brother could be named after Freddy Krueger (for now it is similarly fictitious ;-) I've forgotten about one question. Rainbow tables are consisting several smaller tables. How do they differ from each other? -- Marek Wrzosek marek.wrzosek@...il.com
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.