security - Ultimate Hash Protection - Discussion of Concepts
OK, so the whole problem with hashing is that users do not enter passwords of more than 15 characters. Most use only 4-8 characters, so they are easy pickings for someone attacking with a rainbow table.
The solution, using a per-user salt, is to make the hash input more complex and more than 50 chars, so that a table for it can never be generated (a table for inputs of that size would be far too large to store). Plus, they would have to create a new table for each user. Problem: if they download the DB, they get the users' salts too, so they can hash their way back to the right one.
Solution: use a site-wide "pepper" in addition to the salt; even if they get the DB they would still need the config file. Problem: if they can get into your DB, chances are they can get into your file system as well and search your site for the pepper.
So, with all this known, let's assume that an attacker is into your site and has everything. Now what do you do?
At this point in the discussion, most people say "who cares at this point?" But this is just a cheap way of saying "I do not know what to do next, so it can't be important". Sadly, everywhere I have asked this question it has been answered that way. Which indicates that most programmers miss a very important point.
Your site is like the other 95% of sites: the user data, or even the complete login, isn't worth much. The attacker comes after one user, "Bob", because he knows that "Bob" uses the same password on your site as on his bank's site, and he also knows that Bob's life savings are there. Now, if the attacker can just break our site, the rest will be a piece of cake.
So here's my question: how can you increase the length of the password without any kind of way back? Or how do you make the procedure complex enough that it is hard to duplicate? The only thing I have come across is that you can hash the hash again thousands of times, which increases the time it takes to build the final rainbow table by a factor of 1000. This is because the attacker has to follow the same path while building his tables.
Any other ideas?
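The scheme described in the post (per-user salt, a pepper kept outside the database, and hashing "thousands of times") written out as an added example; this is not code from the original post. It uses PBKDF2-HMAC-SHA256 from the standard library as the iterated hash, mixes the pepper in with HMAC, and compares in constant time. The pepper value, iteration count and salt length are constructed choices for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed values: in a real deployment the pepper lives in a config file or
# secret store outside the database, never in the users table.
PEPPER = b"example-pepper-from-config-file"
ITERATIONS = 100_000      # key stretching: the "hash it thousands of times" idea
SALT_BYTES = 16           # per-user salt length


def _pepper(password: str, pepper: bytes) -> bytes:
    """Bind the site-wide pepper to the password with HMAC before stretching,
    so a stolen DB row is useless without the secret from the config file."""
    return hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS, pepper: bytes = PEPPER) -> dict:
    """Return the record to store for this user: salt, iteration count, hash.
    The salt is unpredictable and unique per user, so an attacker needs a
    separate table per user; the iteration count makes each table slow to build."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", _pepper(password, pepper), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_password(password: str, record: dict, pepper: bytes = PEPPER) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    candidate = hashlib.pbkdf2_hmac("sha256", _pepper(password, pepper),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    rec = hash_password("hunter2")
    print("stored:", rec["salt"].hex(), rec["iterations"], rec["hash"].hex())
    print("correct password verifies:", verify_password("hunter2", rec))
    print("wrong password verifies:", verify_password("hunter3", rec))
    print("DB row without the pepper verifies:", verify_password("hunter2", rec, pepper=b"guess"))
```

Storing the iteration count beside the hash lets it be raised later for new or re-authenticating users without invalidating old records, and the pepper check at the end illustrates the post's point that a leaked DB alone is not enough to test guesses against these hashes.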
"The solution, using a per-user salt, is to make the hash input more complex and more than 50 chars, so that a table for it can never be generated (a table for inputs of that size would be far too large to store). Plus, they would have to create a new table for each user. Problem: if they download the DB, they get the users' salts too, so they can hash their way back to the right one."
This argument is misleading.
A rainbow table (which is a typical implementation of the general dictionary attack) trades space for time. However, it takes a lot of time to create a dictionary (rainbow or otherwise). It only makes sense when it can be used against many hashes, and salt prevents that. A salt does not need to be confidential; it needs to be unpredictable for a given password. This leaves the attacker having to produce a dictionary specifically for that salt.
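The answer's point, that a precomputed dictionary pays off only when one table is reused against many hashes and that per-user salts force one table per user, as an added example that is not part of the original answer. The candidate list, user names and passwords are constructed, plain SHA-256 is used deliberately so the table-reuse effect is visible without the stretching discussed in the question, and the "cost" counted is simply the number of hash computations.

```python
import hashlib
import os
from typing import Dict, Iterable, Tuple

# Constructed stand-in for a password dictionary.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "hunter2"]


def digest(password: str, salt: bytes = b"") -> bytes:
    """SHA-256 over salt || password; an empty salt is the unsalted case."""
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def build_table(candidates: Iterable[str], salt: bytes = b"") -> Dict[bytes, str]:
    """Precompute digest -> password for one salt. This is the expensive,
    build-once step; the table is only worth it if it can be reused."""
    return {digest(p, salt): p for p in candidates}


def store_users(passwords: Dict[str, str], salted: bool) -> Tuple[Dict[str, bytes], Dict[str, bytes]]:
    """Simulate a leaked users table: (user -> digest, user -> salt).
    Salts are random and not secret; the attacker is assumed to have them."""
    salts = {u: (os.urandom(8) if salted else b"") for u in passwords}
    stored = {u: digest(p, salts[u]) for u, p in passwords.items()}
    return stored, salts


def attack_cost(stored: Dict[str, bytes], salts: Dict[str, bytes],
                candidates: Iterable[str]) -> Tuple[int, Dict[str, str]]:
    """Count hash computations needed to check every user against the
    dictionary. One table per distinct salt: unsalted hashes share one table,
    per-user salts need a fresh table (and its full cost) per user."""
    candidates = list(candidates)
    tables: Dict[bytes, Dict[bytes, str]] = {}
    found: Dict[str, str] = {}
    cost = 0
    for user, h in stored.items():
        salt = salts[user]
        if salt not in tables:
            tables[salt] = build_table(candidates, salt)
            cost += len(candidates)
        if h in tables[salt]:
            found[user] = tables[salt][h]
    return cost, found


if __name__ == "__main__":
    users = {"alice": "letmein", "bob": "hunter2", "carol": "correct horse battery"}
    for salted in (False, True):
        stored, salts = store_users(users, salted)
        cost, found = attack_cost(stored, salts, CANDIDATES)
        print(f"salted={salted}: {cost} hash computations, recovered {sorted(found)}")
```

With three users the unsalted leak costs one dictionary pass in total, while the salted leak costs one pass per user; the same weak passwords are still recoverable, which is why the salt has to be combined with the slow, iterated hash the question asks about rather than relied on alone.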