Re: OT: password encryption (salt theory)
From | David F. Skoll |
---|---|
Subject | Re: OT: password encryption (salt theory) |
Date | |
Msg-id | Pine.LNX.4.44.0208212215480.31571-100000@shishi.roaringpenguin.com |
In reply to | Re: OT: password encryption (salt theory) (Tim Ellis <Tim.Ellis@gamet.com>) |
List | pgsql-admin |
On Wed, 21 Aug 2002, Tim Ellis wrote:

> Of course. I argue everything does.

Ah, here's what I meant by a dictionary attack: You precompute (offline) encrypted versions of your dictionary. This can be very slow; doesn't matter. You just burn a CD or DVD with a database mapping encrypted -> cleartext.

It's this precomputation attack which a salt thwarts. A salt makes it impractical to build up a dictionary of encrypted -> cleartext mappings, because a given cleartext has millions of encrypted equivalents.

> No matter how you obfuscate it, unless you can somehow turn it into a
> O(x^n) problem, you're prone to dictionary attacks.

A dictionary attack as I understood it means the kind of precomputed encrypted-to-cleartext lookup table I described above. If you do your mapping offline, you have the luxury of using an enormous set of possible passwords with no computational penalty when you actually carry out the attack.

--
David.
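Added example, not part of the original message: a short Python sketch of why a per-account salt invalidates a precomputed encrypted -> cleartext table, together with the salted store-and-verify path a server would use. PBKDF2-HMAC-SHA256, the iteration count, the word list and all function names are assumptions chosen for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000      # assumed work factor, not taken from the message
NO_SALT = b"\x00" * 16    # models an unsalted scheme: same constant for every account
WORDLIST = ["password", "letmein", "dragon", "postgres"]  # constructed sample


def hash_password(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def build_table(words, salt=NO_SALT):
    """Offline 'encrypted -> cleartext' mapping; it is valid for exactly one salt value."""
    return {hash_password(w, salt): w for w in words}


def store(password: str, salted: bool = True):
    """Return the (salt, hash) pair a server would keep for one account."""
    salt = os.urandom(16) if salted else NO_SALT
    return salt, hash_password(password, salt)


def verify(password: str, salt: bytes, stored: str) -> bool:
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(hash_password(password, salt), stored)


def demo():
    table = build_table(WORDLIST)
    _, legacy = store("letmein", salted=False)
    salt_a, hash_a = store("letmein")
    salt_b, hash_b = store("letmein")
    return {
        "unsalted_lookup": table.get(legacy),      # one table covers every account
        "salted_lookup": table.get(hash_a),        # the same table finds nothing
        "same_password_differs": hash_a != hash_b, # each account has its own mapping
        "login_ok": verify("letmein", salt_a, hash_a),
        "wrong_rejected": not verify("dragon", salt_b, hash_b),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is stored next to the hash and is not secret; its effect is that a table built offline for one salt value is useless against every other account.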