rfc:password_hash
Differences
This shows you the differences between two versions of the page.
rfc:password_hash [2012/10/16 09:05] – Implemented! ircmaxell | rfc:password_hash [2017/09/22 13:28] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 27: | Line 27: | ||
===== Common Misconceptions ===== | ===== Common Misconceptions ===== | ||
- | ==== Salts Need To Be Cryptographically Secure | + | ==== Salts Need To Be True Random |
- | Salts exist for a single reason: To make it so that any time (CPU effort) spent cracking a single password hash cannot be amortized across multiple hashes. That means that attacking a single password hash will have no impact on the time it will take attacking another hash. Based on that reason, salts only need to be unique | + | Salts exist for a single reason: To make it so that any time (CPU effort) spent cracking a single password hash cannot be amortized across multiple hashes. That means that attacking a single password hash will have no impact on the time it will take attacking another hash. Based on that reason, salts only need to be statistically globally |
==== Hash(password + salt) Is Fine ==== | ==== Hash(password + salt) Is Fine ==== | ||
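Review bot: the new qualifier "statistically globally" in the salt paragraph is never defined, and it asks for more than the removed wording "only need to be unique" without saying why. The paragraph's own rationale is that effort spent on one hash must not be amortized across multiple hashes, so it should state the scope of "globally" (every hash an attacker could collect, not only the rows of one table) and what "statistically" permits. The retitled heading "Salts Need To Be True Random" would also benefit from one sentence tying it to that rationale, so a reader does not take the misconception as meaning the salt source is irrelevant.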
Line 423: | Line 423: | ||
* 1.4 - Close Voting - Moving To Accepted | * 1.4 - Close Voting - Moving To Accepted | ||
* 1.5 - Implemented! | * 1.5 - Implemented! | ||
+ | * 1.5.1 - Fine tune wording of " |
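Review bot: the 1.5.1 changelog entry should record that a section heading was renamed, not only that wording was tuned, as far as the visible part of the line shows. The Line 27 hunk changes the heading from "Salts Need To Be Cryptographically Secure" to "Salts Need To Be True Random", and anyone following an older reference to the previous title needs the changelog to find the section. Naming both the old and new titles in this entry would cover that.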
rfc/password_hash.1350378347.txt.gz · Last modified: 2017/09/22 13:28 (external edit)