Rainbow tables are hash-realpassword pairs and can be very fast in telling you the password given the hashed-password

Yes - I get that salting helps from attack using a rainbow table.

But passwords are typically rather short so not too difficult to crack by brute force. Assuming the password is made up only of upper case, lower case letters and numbers then there are only (!) 218,340,105,584,896 permutations. That is 628. Whilst that's a lots of permutations, I read recently that 2011 technology could run through all those in 23 minutes. Imagine what 2021 technology can do and there is no need to go through them all. You stop when you get it right!

So, to take a simple example - let's say the hashed password was 1234abcdxxyyzz. Without salting you assume a minimum length of 3 characters so start at aaa then aab, aac, etc. If instead you have salts stored in the same table as the hashed password you just add the salt to the end and try the permutations. So instead of aaa you try aaaSaLT123, aabSaLT123, etc. until you get the result 1234abcdxxyyzz.

Or am I missing something? Is that not how it works?

In reply to Re^3: Replacing crypt() for password login via a digest - looking for stronger alternative by Bod
in thread Replacing crypt() for password login via a digest - looking for stronger alternative by davebaker

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.