Posted by Unruh on July 15, 2008, 8:59 pm
>To get a hashed password, using SHA-256 algorithm.
Again for what? Are you designing a system? Is this a system in use?
The purpose of the salt is to prevent the attacker from launching a
predetermined dictionary attack. Thus they could precompute the SHA hash of
a huge dictionary and compare to the hashed password. If you have salted
it, they would need to precalculate n times as large a database where n is
the number of salts. If you are designing the thing, then it is up to you
to decide what value of n is big enough.
128 bits means that n is 2^128=10^40.
>> >Which size is recommended for a salt?
>>
>> For what? The answer could be anywhere from 0 bytes to 1000 bytes.
>>
>> >The 'bcrypt' hash algorithm (created by OpenBSD) uses a size of 128
>> >bits (16 bytes).
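Added example, not part of the original post: a sketch of the precomputation argument above, showing that a table built from unsalted SHA-256 hashes stops matching once each record gets its own random 128-bit salt, and that a table only works for the one salt it was built for. The word list, function names and records are constructed for illustration, and the block demonstrates only the salt's effect on precomputation.

```python
import hashlib
import hmac
import os

SALT_BYTES = 16  # 128 bits, the bcrypt salt size quoted in the thread

# Constructed sample dictionary standing in for a precomputed word list.
WORDLIST = ["password", "letmein", "qwerty", "dragon"]


def salted_hash(password: str, salt: bytes = b"") -> str:
    """SHA-256 over salt || password; an empty salt is the unsalted case."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_table(words, salt: bytes = b"") -> dict:
    """Precompute hash -> word for ONE specific salt value."""
    return {salted_hash(w, salt): w for w in words}


def new_record(password: str) -> tuple:
    """Create a stored (salt, hash) pair with a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    return salt, salted_hash(password, salt)


def verify(password: str, salt: bytes, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt), stored)


def table_entries(words: int, salt_bits: int) -> int:
    """Entries needed to cover every salt: words * n, with n = 2**salt_bits."""
    return words * 2 ** salt_bits


if __name__ == "__main__":
    table = build_table(WORDLIST)               # built once, no salt
    print("unsalted lookup:", table.get(salted_hash("letmein")))
    salt, stored = new_record("letmein")
    print("salted lookup:  ", table.get(stored))  # table no longer matches
    print("per-salt table: ", build_table(WORDLIST, salt).get(stored))
    print("entries for 128-bit salt:", table_entries(len(WORDLIST), 128))
```

The salt is stored next to the hash in the clear; its job is to make each record need its own table, not to be secret.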