First, I do not advocate anything here. I asked a question. Second, working with... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

romaniv on June 6, 2012 | parent | context | favorite | on: 6.5 Million LinkedIn Password Hashes Leaked

First, I do not advocate anything here. I asked a question.

Second, working with a large string of bits is the same as recursive hashing only if you can pre-compute some small intermediate state of the hash function for that string independently from the password you're trying to guess. If you can't, you would have to work with the entire string for every new password tried.

tptacek on June 6, 2012 [–]

I answered your question: using a very large "salt" to force a password hash to run more block functions is a bad idea.

Modern password crackers are extremely fast without precomputing anything.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact