Private Key Generation from Passwords/phrases

Anton Stiglic astiglic at okiok.com
Wed Jan 31 06:52:52 EST 2007


Bill Stewart wrote:
>Salt is designed to address a couple of threats
>- Pre-computing password dictionaries for attacking wimpy passwords
>...

Yes indeed.  The rainbow-tables style attacks are important to protect
against, and a salt does the trick.  This is why you can find rainbow tables
for LanMan and NTLMv1 hashed passwords, but not for NTLMv2.
This to me is the most important property achieved with a salt, and the salt
doesn't have to be that big to be effective.

--Anton




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list