Are your passwords as "secure" as you think?

[litrelord]

Yeah that's the one

So even if your password was 'password' the system would assign the salt to your password, say '541t' making your password '541tpassword'. If someone has the password hash and is trying passwords until they find one that gives the same hash as yours then this stops them using a list of known passwords or a dictionary.

To make the system stronger you can have random salt values assigned to each user which are stored at a different location. Assuming an attacker got hold of the database containing the password hashes, unless they have the list of unique salts they'd have a hard job identifying the password as the salt has increased the password length.

Using this type also protects against rainbow tables which are huge lists of hashes and the passwords that made them. These tables take a long time to compute int he first place but then mean discovering the password takes seconds. With a large enough salt the time needed to create and store the rainbow table becomes unmanageable.

That's about as much as I know on the subject so if any of it's inaccurate please feel free to correct.

Nick

 

[SuperFerret]

I guess they mean: In cryptography, a salt comprises random bits that are used as one of the inputs to a key derivation function. The other input is usually a password or passphrase. The output of the key derivation function is stored as the encrypted version of the password. ...

Whooosh! and there goes that completely over my head

I'll just sit here and smile like I understand

 

[Domski]

Too much!!!

I'm now sitting with my fingers in my ears shouting "Lah Lah Lah Lah Lah" and hoping Sponge Bob Squarepants is on when I get home so I can revert back to my usual mental capacity.

Dom

 

[litrelord]

Too much!!!

I'm now sitting with my fingers in my ears shouting "Lah Lah Lah Lah Lah" and hoping Sponge Bob Squarepants is on when I get home so I can revert back to my usual mental capacity.

Dom

Squidward has given spongebob a secret word that will get him a free krabby patty burger.

To make sure no-one else can use this to get a free burger he gives a second secret word to Patrick.

He’ll give spongebob his burger when both secret words are used at the same time.

Patrick’s secret word is ‘salt’.



How's that?

Nick

 

[Domski]

Everyone worth their salt should know that Patrick has a secret box, not a word. You people are so thick sometimes

Dom

 

[MrKowz]

Squidward has given spongebob a secret word that will get him a free krabby patty burger.

To make sure no-one else can use this to get a free burger he gives a second secret word to Patrick.

He’ll give spongebob his burger when both secret words are used at the same time.

Patrick’s secret word is ‘salt’.



How's that?

Nick

 

[Andrew Fergus]

Except Patrick forgot the word he was supposed to remember......

 

[arkusM]

and knowing that he would forget, wrote it on the bottom of the box....

 

[RoryA]

but then ate the box.

 

[Gerald Higgins]

Now I'm really confused.
Next time I go to the fish and chip shop and they ask me if I want salt and sauce on my fish supper (or salt and vinegar if I'm below the border), what should I say ?