[UPHPU] Update on the security of md5 (for those who were at
adamo at mindzion.com
Mon Jan 24 14:05:12 MST 2005
Smith, Jeff wrote:
> Sorry for being so naïve. I still do not understand why salting in a
web based app help protect from a dictionary attack. My question is if
I am using a dictionary attack against your website won't your
authentication routines automatically apply the correct salt. In other
words if I use a weak password, one that is a simple word, how does
using salt to protect the hash keep my password safe? This would keep
my hash safe but if someone can get access to my hash they can also
access my salt. If they can access my hash and my salt what it is the
point of salting?
> Jeff "the confused but trying to understand" Smith
Hrmm, I guess my last reply didn't go to the list. Sorry about that.
Anyway, salting prevents against dictionary attacks if the attacker has
the actual end hash.
More information about the UPHPU