Grieve (grieve) wrote,
Grieve
grieve

Password Protection

First read this article: http://www.codinghorror.com/blog/archives/000949.html
Then this one: http://www.matasano.com/log/958/enough-with-the-rainbow-tables-what-you-need-to-know-about-secure-password-schemes/

It seems that a simple and easy protection against rainbow tables is to use a random salt per user stored in clear text. I was wondering if instead of a single salt you could use a selection of hash functions. Instead of storing the salt you store the set of hash functions you used in the order you used them. It seems as if this would surely defeat the attack from the Rainbow table. The only downside is that you have to have several good hash functions, which is not trivial.
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 0 comments